Course curriculum

  • 01

    Section 1: Notion Notes - Download - HTML Version

    • 1. Download all the PDF files here

  • 02

    Section 2: PDFs: OWASP API TOP 10

    • 2. API0.2019: What is an API

    • 3. API1:2019 Broken Object Level Authorization

    • 4. API2:2019 Broken User Authentication

    • 5. API3:2019 Excessive Data Exposure

    • 6. API4:2019 Lack of rate limiting

    • 7. API5:2019 Broken Function Level Authorization

    • 8. API6:2019 Mass Assignment

    • 9. API7:2019 Security Misconfiguration

    • 10. API8:2019 Injection

    • 11. API9:2019 Improper Assets Management

    • 12. API10:2019 Insufficient Logging & Monitoring

  • 03

    Section 3: Videos: OWASP API TOP 10

    • 13. API top 10 - 0 through 3

    • 14. OWASP API TOP 10 - 4 to 7

    • 15. API8-2019 Injection

    • 16. API9-2019 improper asset management

    • 17. OWASP API top 10 - 10 insufficient logging and monitoring

  • 04

    Section 4: Labs: API TOP 10

    • 18. Go to the labs linked on the Udemy page

  • 05

    Section 5: Videos: API TOP 10 Demonstrated

    • 19. A1 - Broken level authorization

    • 20. A2 - Broken authentication

    • 21. A3 - Excessive information disclosure

    • 22. A4 - lack of rate limiting

    • 23. A5 - broken function level authorization

    • 24. A6 Mass assignment

    • 25. A7 - Security misconfiguration

    • 26. A8 - Injections

    • 27. A9 - Improper asset management

    • 28. A10 - Insufficient logging and monitoring

  • 06

    Section 6: Building and hacking an API

    • 29. Let's build an API to hack - Part 1: The basics

    • 30. Let's build an API to hack - Part 2: Faking it before breaking it

    • 31. Let's build an API to hack - Part 3: Information disclosure

    • 32. Let's build an API to hack - Part 4: Mass assignment

    • 33. Let's build an API to hack - Part 5: Emulating login and hacking it with Postman

    • 34. Let's build an API to hack - Part 6: Emulating SQLi and showing possible SSTI

    • 35. Building an API part 7: API Broken Access Control Through Replacing HTTP Method

    • 36. API roulette - Name the issues

    • 37. REST-API-GOAT: Chain Postman Burp Suite

    • 38. Hacking an API with Postman - theory

    • 39. Postman API hacking - Tiredful API

  • 07

    Section 7: API Firewalls

    • 40. Video: API firewall

    • 41. API Firewall guide

  • 08

    Section 8: API Hacking with Postman

    • 42. API hacking with Postman Part 1 - getting the basics down

    • 43. API hacking with Postman Part 2 - importing the API description

    • 44. API hacking with Postman Part 3 - Pre-request scripts, tests and console

    • 45. API hacking with Postman Part 4 - Getting dirty with data sources

  • 09

    Section 9: Extras

    • 46. API Testing

    • 47. Swagger and OpenAPI

    • 48. API Security - Top 10 Best Practices

    • 49. How to secure your rest API from attackers