Hi!
As someone who has recently completed the Practical API Hacking Testing course from TCM Security, taught by Alex Olsen, I wanted to share my thoughts and experiences. This course is designed to provide comprehensive knowledge and practical skills for testing and securing APIs, an increasingly critical area in cybersecurity. As a final word I would really recommend this course!
Great work Alex! Next is the web course 🙂
Who schould take this course?
This course is ideal for:
Cybersecurity Professionals: Those looking to specialize in API security or enhance their existing skills.
Web Developers: Developers who want to build more secure APIs and understand potential vulnerabilities.
Penetration Testers: Professionals who need to add API testing to their skill set.
Students and Beginners: Individuals starting their career in cybersecurity and looking for practical, hands-on experience.
Why?
Comprehensive Curriculum: Covers all aspects of API security from the basics to advanced topics.
Practical Experience: Extensive hands-on labs and real-world examples to apply the learned concepts.
Expert Instructor: Alex Olsen’s clear and detailed teaching style helps demystify complex topics.
Essential Tools: Learn to use industry-standard tools like Postman, Burp Suite.
Career Advancement: Gain valuable skills that are in high demand in the cybersecurity field.
What is in the course?
The Practical API Hacking Testing course by TCM Security offers a detailed and structured curriculum designed to equip students with both theoretical knowledge and practical skills in API security. Here’s a comprehensive breakdown of the course content:
Introduction to APIs:
- Basics of APIs, types (REST, SOAP, GraphQL), and their security implications.
Tool Setup and Usage:
- Installation and introduction to essential tools like Postman, Burp Suite, and Docker for testing and exploiting APIs.
Enumeration Techniques:
- Methods to discover API endpoints and gather information using fuzzing and source code analysis.
Attacking Authorization:
- Exploiting authorization flaws such as Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA).
Attacking Authentication:
- Techniques for attacking authentication mechanisms, including token manipulation and JSON Web Token (JWT) attacks.
Injection Attacks:
- Exploiting SQL and NoSQL injection vulnerabilities to compromise API security.
Mass Assignment:
- Identifying and exploiting mass assignment vulnerabilities to gain unauthorized access.
Excessive Data Exposure:
- Understanding and exploiting vulnerabilities where APIs expose more data than necessary.
Server-side Request Forgery (SSRF):
- Techniques for exploiting SSRF vulnerabilities to manipulate server requests.
Chaining Vulnerabilities:
- Combining multiple vulnerabilities to achieve more significant attacks, such as command injection.
Capstone Challenges:
- Comprehensive challenges that combine multiple techniques to simulate real-world API security testing scenarios.
Conclusion
The Practical API Hacking Testing course from TCM Security, led by Alex Olsen, is an excellent resource for anyone looking to specialize in API security. Whether you’re a beginner or an experienced professional, this course offers valuable insights and practical skills that are crucial in today’s cybersecurity landscape.
If you’re considering advancing your skills in API testing and security, I highly recommend this course. It provides a solid foundation, practical experience, and a deeper understanding of the challenges and techniques involved in securing APIs.
The Agenda (6 hours)
Welcome to the Course!
- Start Here (3:02 )
- Course Discord & Getting Support (1:51 )
Introduction
- What is an API? (1:51 )
- Interacting with APIs (6:13 )
- Types of APIs (2:59 )
- API Security (1:33 )
Lab Setup
- Tool Installation (8:55 )
- BURP Suite Introduction (9:43 )
- Postman Introduction (6:07 )
- Docker Introduction (7:36 )
Enumerating APIs
- Introduction to Enumeration (0:53 )
- Fuzzing APIs (13:48 )
- Discovery via Source code (5:21 )
Attacking Authorization
- Introduction to Authorization (2:05 )
- BOLA Lab (6:15 )
- BFLA Lab (6:59 )
- Challenge Solution (10:19 )
Attacking Authentication
- Introduction to Authentication (2:14 )
- Attacking Authentication (11:35 )
- Attacking Tokens (11:23 )
- JSON Web Tokens – Part 1: Theory (5:53 )
- JSON Web Tokens – Part 2: Attacking JWTs (3:52 )
- JSON Web Tokens – Part 3: jwt_tool (17:37 )
- Challenge Solution (26:21 )
Injection
- Introduction to Injection Attacks (1:10 )
- Introduction to SQL Injection (2:04 )
- SQL Injection Lab (19:03 )
- SQL Injection Lab – Login Bypass (4:29 )
- NoSQL Injection Lab (14:14 )
- Challenge Solution (5:00 )
Mid-course Capstone
- Mid-course Capstone Challenge (2:07 )
- Challenge Solution (14:17 )
Mass Assignment
- Introduction to Mass Assignment (2:18 )
- Code Walkthrough (7:38 )
- Mass Assignment Lab (8:18 )
- Challenge Solution (6:22 )
Excessive Data Exposure
- Introduction to Excessive Data Exposure (1:41 )
- Excessive Data Exposure Lab (3:22 )
- Challenge Solution (1:49 )
SSRF – Server-side Request Forgery
- Introduction to SSRF (1:33 )
- SSRF Lab (5:55 )
- Challenge Solution (2:52 )
Chaining Vulnerabilities
- Command Injection (3:24 )
- Challenge Solution (10:29 )
Final Capstone
- Final Capstone Challenge (8:10 )
- Challenge Solution (30:37 )
- Congratulations & Thank You! (0:28 )
Conclusion
The Practical API Hacking Testing course from TCM Security, led by Alex Olsen, is an excellent resource for anyone looking to specialize in API security. Whether you’re a beginner or an experienced professional, this course offers valuable insights and practical skills that are crucial in today’s cybersecurity landscape.
If you’re considering advancing your skills in API testing and security, I highly recommend this course. It provides a solid foundation, practical experience, and a deeper understanding of the challenges and techniques involved in securing APIs.
Contact
Linktree: https://linktr.ee/appsecexplained
That was all for now!
Keep Hacking!
//Roger
Tips and Tricks 
Leave a comment