Capie - Certified Api Hacking Expert Course Content

OWASP API top 10 based API hacking syllabus

What you'll learn

Identify and exploit common API vulnerabilities (OWASP API Top 10: A1–A10)

Perform authenticated and unauthenticated API testing (incl. JWT, OAuth attacks)

Read and write API documentation using OpenAPI/Swagger

Securely design, implement, and deploy RESTful and SOAP services

Use API firewalls and rate-limiting to block attacks

Build your own exercise-based lab environment and challenge friends

Pass the CAPIE certification exam with confidence

Requirements

No prior hacking experience required

Basic familiarity with HTTP (GET/POST) is helpful but not mandatory

A computer with internet access (we’ll use free tools like Postman, Burp Suite Community, Python)

Description

usly crafted to guide you through the complexities of API security, with practical demonstrations, hands-on labs, and expert-level resources to elevate your knowledge and skillset.In this course, we’ll begin with the very basics of APIs, covering topics such as the fundamentals of what APIs are and how they function within modern web and mobile applications. We’ll dive deeper into the key differences between REST and SOAP, two of the most common API architectures used today. Understanding how to properly interact with APIs is essential, so we’ll teach you effective techniques to communicate with them securely and efficiently.You’ll also gain a thorough understanding of the OWASP API Top 10 vulnerabilities for 2019 and 2023, enabling you to recognize common security flaws that exist within APIs. We’ll cover critical topics like API documentation, which is key in understanding and exploiting security weaknesses, and API firewalls, which are essential in protecting against malicious activities.As part of your learning experience, this course offers signature labs that will allow you to practice what you've learned in realistic scenarios. These labs are designed to reinforce the theoretical knowledge covered in the course and give you real-world insights into API hacking.CAPIE is more than just a course – it’s your gateway to becoming a skilled API penetration tester. With this certification, you will have the knowledge, hands-on practice, and confidence to work with and secure APIs in any real-world environment. Don't miss the opportunity to gain a certification that is tailored to today's industry demands!

Overview

Section 1: 002 An Introduction To APIs

Lecture 1 CAPIE - Chapter 1.1 - What is an API - PT1

Lecture 2 CAPIE - Chapter 1.1 - What is an API - PT2

Lecture 3 CAPIE - Chapter 1.2 SOAP VS REST

Lecture 4 CAPIE - Chapter 1.3 Authentication and authorization

Lecture 5 CAPIE - Chapter 1.3EXTRA - Code review - Authentication - API keys

Lecture 6 CAPIE - Chapter 1.3EXTRA - Code review - Authentication - Basic Auth

Lecture 7 CAPIE - Chapter 1.3EXTRA - Code review - Authentication - JWT

Lecture 8 CAPIE - Chapter 1.3EXTRA - Code review - Authentication - oAuth 2.0

Lecture 9 CAPIE - Chapter 1.4 - API Architectures

Lecture 10 CAPIE - Chapter 1.5 API documentation

Lecture 11 CAPIE - Chapter 1.6 - MCQ chapter 1: Introduction to APIs

Lecture 12 CAPIE - Chapter 1.7 - Assignment: An introduction to APIs

Section 2: 003 How To Talk To APIs

Lecture 13 CAPIE - Chapter 2.1 - Curl

Lecture 14 CAPIE - Chapter 2.2 - Postman

Lecture 15 CAPIE - Chapter 2.3 - SOAP UI

Lecture 16 CAPIE - Chapter 2.4 - Python

Lecture 17 CAPIE - Chapter 2.6 - MCQ Ch2: Tools for interacting with an API

Lecture 18 CAPIE - Chapter 2.7 - Assignment Ch2: Tools for talking to an API

Section 3: 004 The OWASP API Top 10 (2019) [Article Explanation]

Lecture 19 CAPIE - Chapter 3.1 - OWASP API top 10 - A01 - BOLA (Broken Object Level Authori

Lecture 20 CAPIE - Chapter 3.2 - OWASP API top 10 2019 - A02 - Broken User Authentication

Lecture 21 CAPIE - Chapter 3.4 - OWASP API top 10 2019 - A04 - Lack Of Rate Limiting

Lecture 22 CAPIE - Chapter 3.5 - OWASP API top 10 2019 - A05 - Broken Function Level Auth (

Lecture 23 CAPIE - Chapter 3.3 - OWASP API top 10 2019 - A03 - Excessive data exposure

Lecture 24 CAPIE - Chapter 3.6 - OWASP API top 10 2019 - A06 - Mass Assignment

Lecture 25 CAPIE - Chapter 3.7 - OWASP API top 10 2019 - A07 - Security Misconfiguration

Lecture 26 CAPIE - Chapter 3.8 - OWASP API top 10 2019 - A08 - Injection

Lecture 27 CAPIE - Chapter 3.9 - OWASP API top 10 2019 - A09 - Improper Asset Mgmnt

Lecture 28 CAPIE - Chapter 3.10 - OWASP API top 10 2019 - A10 - Insufficient Logging And Mo

Lecture 29 CAPIE - Chapter 3.11 - MCQ Ch3: The OWASP API top 10 - 2019

Lecture 30 CAPIE - Chapter 3.12 - Assignment OWASP API top 10 2019

Section 4: 005 The OWASP API Top 10 (2019) [Demonstrations]

Lecture 31 CAPIE - Chapter 3.13 - A1_-_Broken_level_authorization.mp4

Lecture 32 CAPIE - Chapter 3.14 - A2_-_Broken_authentication.mp4

Lecture 33 CAPIE - Chapter 3.15 - A4_lack_of_rate_limiting.mp4

Lecture 34 CAPIE - Chapter 3.16 - A3_-_Excessive_information_disclosure_.mp4

Lecture 35 CAPIE - Chapter 3.17 - A5_broken_function_level_authorisation.mp4

Lecture 36 CAPIE - Chapter 3.18 - A6_Mass_assignment.mp4

Lecture 37 CAPIE - Chapter 3.19 - A7_-_Security_misconfiguration (1).mp4

Lecture 38 CAPIE - Chapter 3.20 - A7_-_Security_misconfiguration.mp4

Lecture 39 CAPIE - Chapter 3.21 - A8_-_Injections.mp4

Lecture 40 CAPIE - Chapter 3.22 - A8_-_Injections (1).mp4

Lecture 41 CAPIE - Chapter 3.23 - A9_-_Improper_asset_managment.mp4

Lecture 42 CAPIE - Chapter 3.24 - A10_-_Insufficient_logging_and_monitoring.mp4

Section 5: 006 API Pentesting Documentation

Lecture 43 CAPIE - Chapter 5.1 - Test Plan

Lecture 44 CAPIE - Chapter 5.2 - Test Report

Lecture 45 CAPIE - Chapter 5.3 - Test Debrief Meeting

Lecture 46 CAPIE - Chapter 5.5: API Pentesting documentation

Lecture 47 CAPIE - Chapter 5.XTRA1 API Penetration Testing Report

Lecture 48 CAPIE - Chapter 5.4 - MCQ API Pentesting documentation

Lecture 49 CAPIE - Chapter 5.XTRA2 - API Penetration Testing Plan Example - General API exa

Section 6: 007 - Build your own APIs - Exercise programming

Lecture 50 CAPIE - Chapter 6.XTRA2 - How to secure your REST API from attackers 9f2aeefcab9

Section 7: Chapter 8 - API Practice Labs

Lecture 51 CAPIE - Chapter 8.2 - practice exam example

Section 8: Chapter 99 - EXTRA

Lecture 52 05APR25 - An introduction to API hacking CC4

Security engineers & pentesters who want to specialize in API testing,Developers looking to deepen their understanding of API security,IT auditors and compliance officers who review API exposures,Anyone preparing for a hands-on API security certification