API brute force attacks [FREE COURSE CONTENT]

Apr 22, 2020

In this video from our API Security: Offence and Defence you will learn what an API brute force attack looks like, and how to perform it. APIs for web applications are growing in numbers by the minute, if you have your eyes on pentesting one this will be a great addition to your arsenal. Dive in! 



API is now being used by every web/mobile/desktop application to communicate with each other. But, as any other technology, it has its strengths and weaknesses. In this course we will focus on REST API and we will go through ​ the techniques used to find weaknesses and exploit them, also the countermeasures​ ​ used​ ​ by​ ​ developers.


What will you learn?

  • API​ ​ Standards​ ​ (e.g.,​ Authentication​, Data​ ​ Exchange​,​ etc.)
  • API​ ​ Attacks​ ​ and​ ​ Countermeasures
  • Brute force attacks on API
  • DDoS attacks on API
  • OAuth attacks on API

What skills will you gain?

  • Practical experience in pentesting​ ​REST API
  • How to implement​ ​ Secure​ ​ API

What will you need?

  • PC with a preferred operating system (Mac OSX 10.5+, Windows 7+, Linux)
  • API​ ​ testing​ ​ tool​ ​ (e.g.,​ ​ PostMan)
  • Proxy​ ​ tool​ ​ (e.g.,​ ​ Burp​ ​ Suite, Fiddler)

What should you know before you join?

  • Previous​ ​ knowledge​ ​ of​ ​ how​ ​ web​ ​ works​ ​ (e.g.,​ ​ HTTP​ ​ Protocol​, HTTP​ ​ Methods​, etc.)
  • ​Understanding​ ​ of basic​ ​ web​ ​ vulnerabilities (e.g., XSS, CSRF, Open Redirect, IDOR, etc.)

Course format: 

  • The course is self-paced – you can visit the training whenever you want and your content will be there.
  • Once you’re in, you keep access forever, even when you finish the course.
  • There are no deadlines, except for the ones you set for yourself.
  • We designed the course so that a diligent student will need about 18 hours of work to complete the training.
  • Your time will be filled with reading, videos, and exercises.

Want to join the course? Get a membership plan >>


[custom-related-posts title="Related posts:" none_text="None found" order_by="title" order="ASC"]

Recommended From Hakin9
The New Frontier of Scamming: How Real-Time Bidding is Fueling Fraud

This happened in Australia. A citizen recently received a text message that seemed to know

Defining Cybersecurity in Healthcare

With healthcare accounting for 34% of cyberattacks in 2023, the sector is a prime target

Cybersecurity’s Toughest Battle: Why the bad guys keep winning

It’s hard to keep up with today’s cybersecurity landscape. Every time you think you’ve nailed

How AI Will Worsen the Cybersecurity Workforce Gap!

So, this article will create a little bit of friction between some of my friends

(1,303 views)
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023