In this video from our API Security: Offence and Defence you will learn what an API brute force attack looks like, and how to perform it. APIs for web applications are growing in numbers by the minute, if you have your eyes on pentesting one this will be a great addition to your arsenal. Dive in!
API is now being used by every web/mobile/desktop application to communicate with each other. But, as any other technology, it has its strengths and weaknesses. In this course we will focus on REST API and we will go through the techniques used to find weaknesses and exploit them, also the countermeasures used by developers.
What will you learn?
- API Standards (e.g., Authentication, Data Exchange, etc.)
- API Attacks and Countermeasures
- Brute force attacks on API
- DDoS attacks on API
- OAuth attacks on API
What skills will you gain?
- Practical experience in pentesting REST API
- How to implement Secure API
What will you need?
- PC with a preferred operating system (Mac OSX 10.5+, Windows 7+, Linux)
- API testing tool (e.g., PostMan)
- Proxy tool (e.g., Burp Suite, Fiddler)
What should you know before you join?
- Previous knowledge of how web works (e.g., HTTP Protocol, HTTP Methods, etc.)
- Understanding of basic web vulnerabilities (e.g., XSS, CSRF, Open Redirect, IDOR, etc.)
- The course is self-paced – you can visit the training whenever you want and your content will be there.
- Once you’re in, you keep access forever, even when you finish the course.
- There are no deadlines, except for the ones you set for yourself.
- We designed the course so that a diligent student will need about 18 hours of work to complete the training.
- Your time will be filled with reading, videos, and exercises.
Want to join the course? Get a membership plan >>
Brute-Forcing Two-Factor Authentication
Watch tutorial from 'Exploiting Authentication and Access Control Mechanisms with Burp Suite' course!
- Blog2022.03.28Footprinting Firewalls | Reconnaissance Tutorial [FREE COURSE CONTENT]
- Blog2022.03.17Process Hollowing Malware | Reverse Engineering Tutorial [FREE COURSE CONTENT]
- Blog2022.03.09Sniffing BLE packets | IoT Hacking Tutorial [FREE COURSE CONTENT]
- Blog2022.02.18Pass The Hash Attacks in Active Directory [FREE COURSE CONTENT]