Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
CAPIE - Certified API Hacking Expert Course Content
Rating: 4.5 out of 5(125 ratings)
15,478 students

CAPIE - Certified API Hacking Expert Course Content

OWASP API top 10 based API hacking syllabus
Created byWesley Thijs
Last updated 5/2025
English

What you'll learn

  • Identify and exploit common API vulnerabilities (OWASP API Top 10: A1–A10)
  • Perform authenticated and unauthenticated API testing (incl. JWT, OAuth attacks)
  • Read and write API documentation using OpenAPI/Swagger
  • Securely design, implement, and deploy RESTful and SOAP services
  • Use API firewalls and rate-limiting to block attacks
  • Build your own exercise-based lab environment and challenge friends
  • Pass the CAPIE certification exam with confidence

Course content

8 sections52 lectures6h 8m total length
  • CAPIE - Chapter 1.1 - What is an API - PT14:11
  • CAPIE - Chapter 1.1 - What is an API - PT24:14
  • CAPIE - Chapter 1.2 SOAP VS REST7:37
  • CAPIE - Chapter 1.3 Authentication and authorization24:28

    Explore how to secure APIs with authentication and authorization using token endpoints, bearer tokens, JWTs, and refresh tokens, and compare basic authentication, API keys, and OAuth 2 / OpenID Connect workflows.

  • CAPIE - Chapter 1.3EXTRA - Code review - Authentication - API keys2:23
  • CAPIE - Chapter 1.3EXTRA - Code review - Authentication - Basic Auth2:28

    Learn to implement basic authentication in a Flask API with Flask-HTTPAuth, using a verify_password function for two users and protecting the /api route with auth login required via authorization header.

  • CAPIE - Chapter 1.3EXTRA - Code review - Authentication - JWT2:53
  • CAPIE - Chapter 1.3EXTRA - Code review - Authentication - oAuth 2.07:53
  • CAPIE - Chapter 1.4 - API Architectures17:57

    Explore API architectures from monolithic to microservices, gateways and serverless, then examine GraphQL and REST patterns, plus security, rate limiting, caching, versioning, containers, and deployment considerations.

  • CAPIE - Chapter 1.5 API documentation4:29
  • CAPIE - Chapter 1.6 - MCQ chapter 1: Introduction to APIs2:52
  • CAPIE - Chapter 1.7 - Assignment: An introduction to APIs2:36

Requirements

  • No prior hacking experience required
  • Basic familiarity with HTTP (GET/POST) is helpful but not mandatory
  • A computer with internet access (we’ll use free tools like Postman, Burp Suite Community, Python)

Description

usly crafted to guide you through the complexities of API security, with practical demonstrations, hands-on labs, and expert-level resources to elevate your knowledge and skillset.

In this course, we’ll begin with the very basics of APIs, covering topics such as the fundamentals of what APIs are and how they function within modern web and mobile applications. We’ll dive deeper into the key differences between REST and SOAP, two of the most common API architectures used today. Understanding how to properly interact with APIs is essential, so we’ll teach you effective techniques to communicate with them securely and efficiently.

You’ll also gain a thorough understanding of the OWASP API Top 10 vulnerabilities for 2019 and 2023, enabling you to recognize common security flaws that exist within APIs. We’ll cover critical topics like API documentation, which is key in understanding and exploiting security weaknesses, and API firewalls, which are essential in protecting against malicious activities.

As part of your learning experience, this course offers signature labs that will allow you to practice what you've learned in realistic scenarios. These labs are designed to reinforce the theoretical knowledge covered in the course and give you real-world insights into API hacking.

CAPIE is more than just a course – it’s your gateway to becoming a skilled API penetration tester. With this certification, you will have the knowledge, hands-on practice, and confidence to work with and secure APIs in any real-world environment. Don't miss the opportunity to gain a certification that is tailored to today's industry demands!

Who this course is for:

  • Security engineers & pentesters who want to specialize in API testing
  • Developers looking to deepen their understanding of API security
  • IT auditors and compliance officers who review API exposures
  • Anyone preparing for a hands-on API security certification