
Explore how to secure APIs with authentication and authorization using token endpoints, bearer tokens, JWTs, and refresh tokens, and compare basic authentication, API keys, and OAuth 2 / OpenID Connect workflows.
Learn to implement basic authentication in a Flask API with Flask-HTTPAuth, using a verify_password function for two users and protecting the /api route with auth login required via authorization header.
Explore API architectures from monolithic to microservices, gateways and serverless, then examine GraphQL and REST patterns, plus security, rate limiting, caching, versioning, containers, and deployment considerations.
Examine broken authentication with a no-captcha login page, showing how bots attempt logins and how rate limiting can prevent credential stuffing.
Explore mass assignment by showing how exposing the user type in a post request can change a user to admin, and a response may reveal values attackers can copy.
Demonstrate a basic SQL injection on a login form and how crafted inputs bypass authentication. Also introduce broader injection types: cross-site scripting, LDAP injections, CSV injections, and JSON injections.
Deliver a concise, structured debrief presentation in PowerPoint that reviews findings, impact, and remediation, includes lessons learned and future assessments, and engages stakeholders from the pen test and security teams.
usly crafted to guide you through the complexities of API security, with practical demonstrations, hands-on labs, and expert-level resources to elevate your knowledge and skillset.
In this course, we’ll begin with the very basics of APIs, covering topics such as the fundamentals of what APIs are and how they function within modern web and mobile applications. We’ll dive deeper into the key differences between REST and SOAP, two of the most common API architectures used today. Understanding how to properly interact with APIs is essential, so we’ll teach you effective techniques to communicate with them securely and efficiently.
You’ll also gain a thorough understanding of the OWASP API Top 10 vulnerabilities for 2019 and 2023, enabling you to recognize common security flaws that exist within APIs. We’ll cover critical topics like API documentation, which is key in understanding and exploiting security weaknesses, and API firewalls, which are essential in protecting against malicious activities.
As part of your learning experience, this course offers signature labs that will allow you to practice what you've learned in realistic scenarios. These labs are designed to reinforce the theoretical knowledge covered in the course and give you real-world insights into API hacking.
CAPIE is more than just a course – it’s your gateway to becoming a skilled API penetration tester. With this certification, you will have the knowledge, hands-on practice, and confidence to work with and secure APIs in any real-world environment. Don't miss the opportunity to gain a certification that is tailored to today's industry demands!