Offensive API Exploitation and Security is a customized course that teaches how to defend your APIs. This course is an advanced, hands-on, practical program in which each candidate is given a custom VM developed specifically for API penetration testing, with all tools configured to verify security defects in modern APIs.
API stands for Application Programming Interface, and APIs are widely used on the internet for web applications, mobile apps, IoT, desktop applications, and much more. Modern applications use APIs to call or execute the actions or activities of the user, so customers or service users are exposed to the API architecture or structure.
The REST API uses multiple request methods such as GET, POST, PUT, DELETE, OPTIONS, PROPFIND, etc. Observing these helps a tester understand the API's structure, and that understanding can then be used to attack and exploit the API.
Why hackerSlash?
hackerSlash has launched this custom-made, completely hands-on course, and advanced CTF (capture the flag) labs are provided for each candidate. This certification program focuses on complete API exploitation and defense techniques. We will dive deep into all standards such as SOAP, XML, REST, and GraphQL, and their best practices.
We will also learn how to penetrate cloud-based web APIs and will go through advanced techniques and industry best practices for modern web applications, mobile apps, and desktop applications.
COURSE HIGHLIGHTS
Cloud Based API Exploitation
Authentication and Access Control Bypass
Live Real World API Exploitation
All Injections
OAUTH2.0 Exploitation
IDOR (Insecure Direct Object Reference)
All Server-Side Vulnerabilities
Crypto and Algorithm Attacks
Content Discovery & API Fuzzing
REST, GraphQL and SOAP API Exploitation
Resources Access
Free challenges lab access
Unbounded revision
15 real world case studies
Lifelong instructor support
Practice labs before exam
80+ Recorded session video access
Course Delivery
In-Person
Live Instructor Led
OnDemand
Onsite
COURSE SYLLABUS
Module 1: Brief Introduction to API and case study
Module 2: HTTP and HTTPS basics
Module 3: Brief Introduction to TLS/SSL and how encryption works
Module 4: API Standards in Details
Module 5: Lab Setup for Offensive API Penetration Testing
Module 6: Python Lab Setup for API Penetration Testing
Module 7: Modern API Attacks and Countermeasure
Module 8: Securing API and case study
Module 9: Proxy Tools and configuration (Burp Suite and Fiddler)
Module 10: Exploring Hidden features of Burp for API Exploitation
Module 11: TOP-20 API Industry based Tools and configuration
Module 12: Fuzzing API using custom scripts
Module 13: Crafting a series of attacks for API Exploitation
Module 14: API Reconnaissance and Fingerprinting
Module 15: REST-API Crafting attacks
Module 16: Brief Introduction to JWT Token
Module 17: Brief Introduction to Session, Cookie & Tokens
Module 18: JWT Token Bypassing Techniques
Module 19: Cryptographic Algorithm Attack
Module 20: UBER/GITHUB API Endpoint Analysis
Module 21: Brief Introduction to OAuth 1 and OAuth 2
Module 22: Brief Introduction to OpenID
Module 23: Attack OAuth Token
Module 24: Open REDIRECT Attack
Module 25: XSS and CSRF Attack on OAuth
Module 26: DOS/DDOS Attack on API
Module 27: Implicit Attack Flow
Module 28: Bruteforcing Attack on Token
Module 29: Pure Bruteforcing Attack on API
Module 30: Authentication Bypass
Module 31: IDOR Attacks Flow and Hands-on
Module 32: Identifying QL Injection on API
Module 33: SQL Injection Attack on API
Module 34: RCE Attack Flow and Hands-on
Module 35: Mitigation of all API Attacks
Module 36: Hash Cracking Techniques
Module 37: Public/Private Key Attacking Techniques
Module 38: OAES Exam Walkthrough
Module 39: OWASP API Exploitation and Security Top 10
Module 40: OAuth2 Client CSRF Attack
Module 41: OAuth2 Authorization Server CSRF
Module 42: CVE-2016-4977 (Vulnerable Version of Spring's OAuth)
PREREQUISITES
Even though the course will start from scratch, we recommend that a candidate has a fundamental understanding of how networks and web applications work.
WHO IS THIS COURSE FOR?
This course will benefit anyone who wants to pursue a career as a Penetration Tester and add API Security and OAuth to their skills:
Software Engineer
Security Expert
Application Developer
Web Developer
Backend Developer
Penetration Tester
Ethical Hacker
SYSTEM REQUIREMENT
CPU: 64-bit Intel i5/i7, 4th generation or newer (2.0 GHz)
8 GB of RAM or higher
300 GB free space
Administrator Access
Wi-Fi 802.11 capability
Windows 10 Pro, Linux or macOS (latest updates installed)
NOTE: All other software and configuration requirements will be provided and guided.
COURSE DURATION
40 hours of live instructor-led training, completely hands-on.