API Security Testing

Business Benefits:
  • Improved team capabilities in designing secure and resilient API-based solutions, with awareness of security issues during the design phase
  • A team skilled in effective API security testing, enabling more thorough assessment of new and existing applications
  • Familiarity with core methods of defending against API-specific attacks, supporting the implementation of best preventive practices
  • Better risk management and minimization of potential threats through the ability to evaluate API-driven applications from a security perspective

Participant Benefits:
  • In-depth understanding of how APIs work and why they are crucial for anyone working in technology
  • Knowledge of how APIs transmit data and connect systems — key to effective and secure interaction with modern applications
  • Learning to identify and exploit common API vulnerabilities to better secure your own projects
  • Gaining awareness of current defensive strategies to protect APIs from attacks
Sample Agenda:
  • How Does an API Work?
    • Understanding basic architecture
    • Identifying architectural weaknesses
    • API operation flow
  • API Communication Methods
    • POST
    • GET
    • PUT
    • DELETE
  • Communication Tools and Techniques
    • Configuring API communication with Postman
    • Importing API calls
    • Proxying traffic between Postman and Burp Suite
    • Discovering endpoints
  • Common API Vulnerabilities (based on OWASP API Top 10)
    • Broken Object Level Authorization
    • Broken Authentication
    • Broken Object Property Level Authorization
    • Unrestricted Resource Consumption
    • Broken Function Level Authorization
    • Unrestricted Access to Sensitive Business Flows
    • Server-Side Request Forgery (SSRF)
    • Security Misconfiguration
    • Improper Inventory Management
    • Unsafe Consumption of APIs
  • Penetration Testing Techniques
    • Executing penetration tests
    • Performing attacks aligned with each item in the OWASP API Top 10
  • Defense Mechanisms
    • Identifying security controls
    • Defining sample security mechanisms based on executed attacks
Our Trainers:
  • Rafał Gołębiowski – Head of Security
  • Bartłomiej Wierzbiński – Pentester

Additional information

Duration

2 days (14 hours)

Format

Exercises, Lectures, Penetration testing, Presentations

Language

English, Polish

Level

Advanced, Beginner, Intermediate

Contact details

TestArmy Group S.A. Petuniowa 9/5 53-238 Wrocław Poland