API testing and securing guide
Learn how to build and break an API in record time including the API top 10
What you'll learn
Your Instructor
David Bombal, together with some of the best minds in the industry, is offering courses on a wide range of topics including networking, programming and software development. Our team has decades of experience teaching students from all over the world.
Together we can do more!
David Bombal (CCIE #11023 Emeritus) passed his Cisco Certified Internetwork Expert Routing and Switching exam in January 2003 and is one of a small percentage of Cisco Engineers that pass their CCIE labs on their first attempt.
David qualified as a Cisco Certified Systems Instructor (CCSI #22787) many years ago! He has been training Cisco courses for over 15 years and has delivered instructor-led courses in various countries around the world covering a wide range of Cisco topics from CCNA to CCIE.
He has also personally developed Cisco engineer utilities such as the VPN Config Generator, software, training materials, EBooks, videos and other products which are used throughout the world.
David has designed, implemented and managed networks ranging from single sites to those that span 50 countries.
I am the XSS Rat, an experienced ethical hacker who stands for quality and who believes knowledge is a building block we can all use to grow bigger than we ever were.
As a software tester I have a unique skill set that centers around logic flaws and IDORs which I have not seen very much by other hunters.
This gives me the advantage of finding fewer duplicates and maximizing my chance of finding a vulnerability by picking the correct target and applying the correct test strategy.
Course Curriculum
- API0.2019: What is an API?
- API1:2019 Broken Object Level Authorization
- API2:2019 Broken User Authentication
- API3:2019 Excessive Data Exposure
- API4:2019 Lack of rate limiting
- API5:2019 Broken Function Level Authorization
- API6:2019 Mass Assignment
- API7:2019 Security Misconfiguration
- API8:2019 Injection
- API9:2019 Improper Assets Management
- API10:2019 Insufficient Logging & Monitoring
- A1 - Broken level authorization (2:19)
- A2 - Broken authentication (0:55)
- A3 - Excessive information disclosure (1:02)
- A4 - lack of rate limiting (0:46)
- A5 - broken function level authorization (2:13)
- A6 - Mass assignment (2:16)
- A7 - Security misconfiguration (0:33)
- A8 - Injections (1:20)
- A9 - Improper asset management (1:01)
- A10 - Insufficient logging and monitoring (1:13)
- Top10.zip