|Learn To Protect Your APIs By Hacking Them|
|Written by Nikos Vaggalis|
|Tuesday, 06 September 2022|
A free course from security expert Corey Ball will teach you all the techniques necessary to hack your APIs.The ultimate goal is to learn how to protect them by first identifying any undiscovered vulnerabilities.
Alongside the motto "Software is eating the world", I would add "APIs are eating the Internet". It is estimated that 83% of internet traffic comes from interaction with APIs - therefore learning how to protect them is of the utmost importance. But given the lack of expert cybersecurity personnel, knowledge has to be gained from other sources, like this course for instance.
APIsec University is hosted by Corey Ball, a true cybersec expert and author of the new book Hacking APIs - Breaking Web Application Programming Interfaces, published by No Starch Press.
In that book he teaches how to go about:
The book costs money, but the course does not.
APIsec Certified Expert is a path comprising of three courses that lead to a certification.You start out with API Security Certified Expert, continue as an API Security Defender and end up as an APIsec Certified User.
The APIsec Defender course provides the foundational knowledge required to help secure APIs, while APIsec Certified User goes through developing your API security testing skills to get the most from the APIsec automated testing platform.
API Security Certified Expert is also the one that is free and the one that mirrors the topics of the book, although not in as much depth. As with the book, it focuses on the offensive part of the story and is comprised of detailed workshops on API hacking techniques showing how to uncover vulnerabilities and logic flaws. Its outline is:
The material up to the chapter on Scanning APIs is available already. The rest will follow, ETA middle of September. In any case you can enroll for free and start with what's available right now. As far as the remaining two courses that need to be taken in order to get certified, it hasn't been yet decided if they're going to be also free or paid and how much if that is so.
The question that remains is how valuable is APISec University's certification? In terms of the knowledge you will gain it is certainly worthwhile but if the question is whether the certification can help you land a job, well that depends on a number of things, primarily the extent to which the cybersec world recognizes Corey Ball. Corey is a cybersecurity consulting manager at Moss Adams, where he leads its penetration testing services and holds the OSCP, CCISO, CEH, CISA, CISM, CRISC, and CGEIT industry certifications. Pretty certified himself, if you ask me. His book is also doing well and is considered groundbreaking.
In any case, the free parts available are those that are core to every API-focused developer out there, so do not hesitate to enroll no matter whether you look to progress further or not.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Wednesday, 07 September 2022 )|