Attacking and Securing APIs

This is a fully hands-on practical concentrated course on securing and attacking web and cloud APIs. APIs are everywhere nowadays: In web apps, embedded systems, enterprise apps, cloud environments and even IoT, and it is becoming increasingly necessary to learn how to defend, secure and attack API implementation and infrastructure. This training aims to engage you in creating secure modern APIs, while showing you both modern and contemporary attack vectors. With more than 50 labs in two days, you are in for a glue-me-to-the-keyboard adventure covering: Defending and attacking Web APIs (REST, GraphQL..etc) Attacking and securing AWS APIs and infrastructure. Launching and mitigating modern Injection attacks (SSTI, RCE, SQLi, NoSQLi, XXE, DynamoDB injection, Deserialization, object injection and more) Securing and attacking passwords and secrets in APIs. API authentication, authorization and access control. Targeting and defending API architectures (Serverless, microservices, web services & APIs)