Offensive API Exploitation and Security


Offensive API Exploitation and Security is a customized course that teaches how to defend your APIs. This course is an advanced, hands-on, practical program in which each candidate is given a custom VM developed specifically for API penetration testing, with all tools configured to verify safety defects in modern APIs.
API stands for Application Programming Interface. APIs are widely used on the internet by web applications, mobile apps, IoT devices, desktop applications, and much more, as shown in the examples above. A modern application uses the API to call or execute the actions or activities of the user, so customers and service users are directly exposed to the API architecture and structure.
API Pentesting
A REST API handles multiple request methods such as GET, POST, PUT, DELETE, HEAD, and PATCH. Observing this behaviour helps the user understand the API's structure, and that understanding can then be used to attack and exploit the API further.


# Cloud Based API Exploitation
# Authentication and Access Control Bypass
# Live Real World API Exploitation
# All Injections
# OAUTH2.0 Exploitation
# IDOR (Insecure Direct Object Reference)
# All Server-Side Vulnerabilities
# Crypto and Algorithm Attacks
# Content Discovery & API Fuzzing
# REST, GRAPHQL, and SOAP API Exploitation


Resources you get access to:

Free challenges lab access
Unlimited revision
15 real world case studies
Lifelong instructor support
Practice labs before exam
80+ Recorded session video access


Even though the OAES will start from scratch, we recommend that a candidate have a fundamental understanding of how networks and web applications work.


> This course will benefit all who want to choose a career as a Penetration Tester and add
> API Security and OAuth to their skills, including:
> Software Engineer
> Security Expert
> Application Developer
> Web Developer
> Backend Developer
> Penetration Tester
> Ethical Hacker


CPU: 64-bit Intel i5/i7, 4th generation or newer (2.0 GHz)
8 GB of RAM or higher
300 GB free space
Administrator Access
Wi-Fi 802.11 capability
Windows 10 Pro, Linux or macOS (fully updated)
NOTE: All other software and configuration requirements will be provided, with guidance.


40 hours of live, instructor-led training, fully hands-on.


Training + course material + exam certification: $500 USD.


Module-1- Brief Introduction to API and case study
Module-2- HTTP and HTTPS basics
Module-3- Brief Introduction to TLS/SSL and how encryption works
Module-4- API Standards in Details
Module-5- Lab Setup for Offensive API Penetration Testing
Module-6- Python Lab Setup for API Penetration Testing
Module-7- Modern API Attacks and Countermeasure
Module-8- Securing API and case study
Module-9- Proxy Tools and configuration (Burp Suite and Fiddler)
Module-10- Exploring Hidden features of Burp for API Exploitation
Module-11- Top 20 industry API Tools and their configuration
Module-12- Fuzzing API using custom scripts
Module-13- Crafting a series of attacks for API Exploitation
Module-14- API Reconnaissance and Fingerprinting
Module-15- Crafting REST API attacks
Module-16- Brief Introduction to JWT Token
Module-17- Brief Introduction to Session, Cookie & Tokens
Module-18- JWT Token Bypassing Techniques
</gml_replace>
<gr_replace lines="83" cat="clarify" orig="Module-23-">
Module-23- Attacking OAuth Tokens
Module-19- Cryptographic Algorithm Attack
Module-20- UBER/GITHUB API Endpoint Analysis
Module-21- Brief Introduction to OAuth 1 and OAuth 2
Module-22- Brief Introduction to OpenID
Module-23- Attack OAuth Token
Module-24- Open Redirect Attack
Module-25- XSS and CSRF Attack on OAuth
Module-26- DOS/DDOS Attack on API
Module-27- Implicit Attack Flow
Module-28- Brute-force Attack on Tokens
Module-29- Pure Brute-force Attack on API
Module-30- Authentication Bypass
Module-31- IDOR Attacks Flow and Hands-on
Module-32- Identifying SQL Injection in an API
Module-33- SQL Injection Attack on API
Module-34- RCE Attack Flow and Hands-on
Module-35- Mitigation of all API Attacks
Module-36- Hash Cracking Techniques
Module-37- Public/Private Key Attack Techniques
Module-38- OAES Exam Walkthrough
Module-39- OWASP API Exploitation and Security Top 10
Module-40- OAuth2 Client CSRF Attack
Module-41- OAuth2 Authorization Server CSRF 
Module-42- CVE-2016-4977 (Vulnerable Version of Spring's OAuth)


Call: +8801568320150