
This is a hand-on practical concentrated course on securing and attacking web and cloud APIs. APIs are everywhere nowadays: In web apps, embedded systems, enterprise apps, cloud environments and even IoT, and it is becoming increasingly necessary to learn how to defend, secure and attack API implementation and infrastructure. This training aims to engage you in creating secure modern APIs, while showing you both new and old attack vectors.
Syllabus
- Defending and attacking Web APIs (REST, GraphQL..etc)
- Attacking and securing AWS APIs and infrastructure.
- Launching and mitigating modern Injection attacks (SSTI, RCE, SQLi, NoSQLi, Deserialization & object injection)
- Deploying practical cryptography.
- Securing passwords and secrets in APIs.
- API authentication and authorization.
- Targeting and defending API architectures (Serverless, web services, web APIs)
- Securing development environments.
Security Education
OffSec
iNE
Antisyphon
EC-Council
Applied Network Defense
Kaspersky
Sektor7
CompTIA
TCM Security
BlackHat
13Cubed
Dark Vortex
Enciphers
Forty North
Cyber warfare Labs
Maltrak
Scorpio Software
Security Onion
Zero Point Security
SentinelOne
Altered Security
SpecterOps
Pentester Academy
CQURE
PluralSight
StationX
Cybr
موسسههای دیگر