Curso API Penetration Testing

  • DevOps | CI | CD | Kubernetes | Web3

Curso API Penetration Testing

16 horas
Visão Geral

O Curso API Penetration Testing, cobre todos os tópicos principais para se tornar um profissional APIsec. Este curso prático inclui mais de 12 horas de instrução ao vivo e fornece laboratórios detalhados sobre técnicas de hacking de API e como descobrir vulnerabilidades.

Materiais
Inglês/Português/Lab Prático
Conteúdo Programatico

Introduction

  1. The APIsec Certified Expert (ACE) will guide you through actively testing for API security flaws. This course is a self-paced, practical guide that will show you the tools and techniques that can be leveraged to attack web APIs.

API Reconnaissance

  1. In this module, you will learn passive tools and techniques that can be used to discover and analyze APIs.

Scanning APIs

  1. Now that you have discovered and analyzed an API it is time to learn to properly scan APIs for weaknesses. In this module, you will learn to scan for common security misconfigurations.

Exploiting API Authorization

  1. In this workshop, I will guide you through testing the vulnerable application VAmPI for Broken Object Level Authorization vulnerabilities (BOLA).

Mass Assignment

  1. In this module, you will learn to test for Mass Assignment vulnerabilities.

Rate Limit Testing

  1. In this module, you will learn a variety of techniques to test APIs for rate limiting.

Lab Setup

  1. You'll need to prepare an API hacking system for this course. In this section we'll provide resources for you to set up your own hacking lab.

Endpoint Analysis

  1. In this module, you will learn to make API requests and analyze responses. In addition, you will learn to test for Excessive Data Exposure and Business Logic Flaws.

API Authentication Attacks

  1. Here we dive into various API authentication attacks including password brute force, password reset, password spraying and MFA brute force.

Testing for Improper Assets Management

  1. In this module, you will learn to perform tests for Improper Assets Management.

Injection Attacks

  1. In this module, you will learn to perform various injection attacks including SQL, NoSQL, and XSS.

Combining Tools and Techniques

  1. In this module, you will learn to combine tools and techniques from the previous module to exploit API weaknesses.
TENHO INTERESSE

Ficha do Curso

  • Investimento
    R$ consulte-nos
  • Formato de Entrega
    Presencial & Online Ao Vivo
  • Nível
    Foundation

Calendário

ÍNICIO
TÉRMINO
PERÍODO

Receba todas informações

Cursos Relacionados

Curso Ansible Red Hat Basics Automation Technical Foundation

16 horas

Ver Curso

Curso Terraform Deploying to Oracle Cloud Infrastructure

24 Horas

Ver Curso

Curso Ansible Linux Automation with Ansible

24 horas

Ver Curso

Ansible Overview of Ansible architecture

16h

Ver Curso

Advanced Automation: Ansible Best Practices

32h

Ver Curso

Curso Red Hat DevOps Pipelines and Processes: CI/CD with Jenkins

24h

Ver Curso

Curso Cloud Security and DevSecOps Automation

32 horas

Ver Curso