API Security Testing
Business Benefits:
- Improved team capabilities in designing secure and resilient API-based solutions, with awareness of security issues during the design phase
- A team skilled in effective API security testing, enabling more thorough assessment of new and existing applications
- Familiarity with core methods of defending against API-specific attacks, supporting the implementation of best preventive practices
- Better risk management and minimization of potential threats through the ability to evaluate API-driven applications from a security perspective
Participant Benefits:
- In-depth understanding of how APIs work and why they are crucial for anyone working in technology
- Knowledge of how APIs transmit data and connect systems — key to effective and secure interaction with modern applications
- Learning to identify and exploit common API vulnerabilities to better secure your own projects
- Gaining awareness of current defensive strategies to protect APIs from attacks
Sample Agenda:
- How Does an API Work?
  - Understanding basic architecture
  - Identifying architectural weaknesses
  - API operation flow
- API Communication Methods
  - POST
  - GET
  - PUT
  - DELETE
- Communication Tools and Techniques
  - Configuring API communication with Postman
  - Importing API calls
  - Proxying traffic between Postman and Burp Suite
  - Discovering endpoints
- Common API Vulnerabilities (based on OWASP API Top 10)
  - Broken Object Level Authorization
  - Broken Authentication
  - Broken Object Property Level Authorization
  - Unrestricted Resource Consumption
  - Broken Function Level Authorization
  - Unrestricted Access to Sensitive Business Flows
  - Server-Side Request Forgery (SSRF)
  - Security Misconfiguration
  - Improper Inventory Management
  - Unsafe Consumption of APIs
- Penetration Testing Techniques
  - Executing penetration tests
  - Performing attacks aligned with each item in the OWASP API Top 10
- Defense Mechanisms
  - Identifying security controls
  - Defining sample security mechanisms based on executed attacks
Our Trainers:
- Rafał Gołębiowski – Head of Security
- Bartłomiej Wierzbiński – Pentester
Additional information
| Duration | 2 days (14 hours) |
|---|---|
| Format | Exercises, Lectures, Penetration testing, Presentations |
| Language | English, Polish |
| Level | Beginner, Intermediate, Advanced |
Tell us about your challenge, and we will find the right solution.
