Welcome to API Penetration Testing!
Introduction
The API Penetration Testing course will guide you through actively testing web application
programming interfaces (APIs) for security flaws. This course is a self-paced, practical guide that
will show you the tools and techniques that can be leveraged to attack APIs. Although the skills
that you will pick up in this course can be applied to a variety of APIs, the primary focus will be
on REST APIs.
The training will help you get your hands on the keyboard and walk you through the API hacking
process. In this course, you will learn how to discover APIs, interact with endpoints, and exploit
several weaknesses like Broken Authentication, Mass Assignment, and Broken Object Level
Authorization. By the end of this course, you will have the skill set to thoroughly test web APIs.
* Note: This course used to be called "APIsec Certified Expert". You may see references to that
name in the videos.
Who is this for?
The API Penetration Testing course is great for anyone interested in dedicating time to learning
how to test APIs for security weaknesses. This course was meant to help improve the skills of
bug bounty hunters, developers, and penetration testers. Before taking this course, it would help
to have a basic understanding of how web apps and APIs work.
The course is completely free for anyone who wants to learn about API hacking. Those who
would like to certify their knowledge can take the API Penetration Testing exam. The exam is a
six-hour practical assessment of your ability to test APIs and find vulnerabilities. Students who
pass the exam will receive the certification.
How does this course work?
Read, watch, and/or listen to the content provided in the course modules. It is highly
recommended that you take notes and participate in the hands-on labs. Follow along with the
course materials and complete the assessments at the end of every module.
The Hacker's Mindset
The cybersecurity landscape evolves constantly, and so do the commands, flags, and software
versions you’ll encounter throughout this course. As a result, what works perfectly one day may
require a new approach the next. Part of developing a hacker’s mindset is learning how to
navigate these changes—by researching current documentation, exploring community forums,
checking out the latest GitHub repos, and troubleshooting issues independently.
This ability to adapt and problem-solve is what truly sets successful security professionals apart.
When you encounter discrepancies between the course materials and your real-world setup,
see it as an opportunity to hone your skills. The most valuable skill you can develop isn’t just
learning the tools as they are today—it’s learning how to learn, adapt, and creatively solve
problems in an ever-evolving environment.
Join the APIsec University community on Discord for additional support.
Quizzes and Assessment
During the course, quizzes will be used as knowledge-based tests of the content discussed
within the module. Quizzes will test your understanding of the course materials and your skills.
The API Pentest course will be a challenge that sets a high bar. To pass any quiz or
assessment, you must answer 100% of the questions correctly. Completing all quizzes will result
in obtaining the Certificate of Completion.
* Note: Assessments no longer exist and have been merged with quizzes.
I hope you enjoy this course.