This repository contains notes, labs, cheatsheets, extras, and certificate of completion for the API Penetration Testing (12 hours, ApiSec University) program.
The course provides a solid foundation in API security, OWASP API Top 10, attack techniques, and defense strategies.
- 01-introduction-to-api-security.md: Introduction to API Security
- 02-owasp-api-top10-overview.md: OWASP API Top 10 Overview
- 03-authentication-and-authorization.md: Authentication & Authorization
- 04-bola-and-broken-authentication.md: BOLA & Broken Authentication
- 05-data-exposure-and-rate-limiting.md: Data Exposure & Rate Limiting
- 06-mass-assignment.md: Mass Assignment Vulnerabilities
- 07-security-misconfiguration.md: Security Misconfiguration
- 08-injection-attacks.md: Injection Attacks
- 09-improper-assets-management.md: Improper Assets Management
- 10-logging-and-monitoring.md: Logging & Monitoring
- authentication-bypass.md: Authentication Bypass
- authorization-issues.md: Authorization Issues
- input-validation.md: Input Validation Testing
- rate-limiting.md: Rate Limiting Exploitation
- api-enumeration.md: API Enumeration
- jwt-attacks.md: JWT Attacks
- graphql-queries.md: GraphQL Queries
- common-payloads.md: Common Payloads
- case-studies.md: Real-world API security case studies
- timeline.md: Attack & defense timeline
- resources.md: Additional resources
- glossary.md: API security glossary
- index.md: Program overview
- references.md: References & sources
- roadmap.md: Learning roadmap
- syllabus.md: Course syllabus
Screenshots (images not included): Modules Overview, API Security Basics, Pentesting Labs.
API Penetration Testing (ApiSec University)
This course enhanced my pentesting workflow for APIs.
The hands-on labs on authentication bypass, injection, and rate limiting provided real attack/defense experience.
Cheatsheets and case studies reinforced OWASP API Top 10 understanding, making it a great starting point for API penetration testing professionals.
Thành Danh, Red Team Learner & Security Researcher
- GitHub: @ngvuthdanhh
- Email: [email protected]
This project is licensed under the terms of the MIT License. See LICENSE for full details.
© 2025 ngvuthdanhh. All rights reserved.


