API Penetration Testing Training
We offer a comprehensive API Penetration Testing course designed to guide aspiring security researchers on their journey to becoming professionals. This self-paced, online course caters to beginners and intermediate learners, providing a solid foundation and practical skills in API security. Additionally, our course is excellent preparation for the industry-recognized Certified API Pentester (C-APIPen) certification from the SecOps Group.

Instructor
Your instructor, Martin Voelk, is a seasoned cybersecurity expert with 25 years of industry experience. Martin holds some of the most prestigious certifications in the field, including CISSP, OSCP, OSWP, and the PortSwigger Burp Suite Certified Practitioner (BSCP). He has also achieved all SecOps Group professional and expert penetration testing certifications, covering domains such as Network Security, Web Application Security, AI/ML, API Security, Cloud, Android, and iOS. With his extensive expertise and credentials, Martin is dedicated to equipping students with the knowledge and skills needed to excel in the cybersecurity profession.
Ethical Hacking of RESTful and GraphQL APIs Training Course
This course features theoretical introductions to API vulnerabilities followed by practical exploitation of common RESTful API and GraphQL API vulnerabilities. Some labs are performed using the PortSwigger Web Academy Labs; others are performed on standalone VMs such as crAPI and DVGA. Martin solves many labs and explains each step of finding the vulnerability and why it can be exploited in a certain way. The videos are easy to follow along and replicate. This training is highly recommended for anyone who wants to start out in API Penetration Testing or API Bug Bounty Hunting.
Topics covered:
- aligned with OWASP Top 10 API
- Broken Object Level Authorization
- Broken Authentication
- Broken Object Property Level Authorization
- Unrestricted Resource Consumption
- Broken Function Level Authorization
- Unrestricted Access to Sensitive Business Flows
- Server Side Request Forgery
- Security Misconfiguration
- Improper Inventory Management
- Unsafe Consumption of APIs