This repository contains notes, labs, cheatsheets, extras, and the certificate of completion for the API Penetration Testing (12 hours, ApiSec University) program.
The course provides a solid foundation in API security, OWASP API Top 10, attack techniques, and defense strategies.
- 📄 01-introduction-to-api-security.md – Introduction to API Security
- 📄 02-owasp-api-top10-overview.md – OWASP API Top 10 Overview
- 📄 03-authentication-and-authorization.md – Authentication & Authorization
- 📄 04-bola-and-broken-authentication.md – BOLA & Broken Authentication
- 📄 05-data-exposure-and-rate-limiting.md – Data Exposure & Rate Limiting
- 📄 06-mass-assignment.md – Mass Assignment Vulnerabilities
- 📄 07-security-misconfiguration.md – Security Misconfiguration
- 📄 08-injection-attacks.md – Injection Attacks
- 📄 09-improper-assets-management.md – Improper Assets Management
- 📄 10-logging-and-monitoring.md – Logging & Monitoring
- 🔐 authentication-bypass.md – Authentication Bypass
- 🛡️ authorization-issues.md – Authorization Issues
- 📝 input-validation.md – Input Validation Testing
- ⚡ rate-limiting.md – Rate Limiting Exploitation
- 🔎 api-enumeration.md – API Enumeration
- 🔑 jwt-attacks.md – JWT Attacks
- 📊 graphql-queries.md – GraphQL Queries
- 💥 common-payloads.md – Common Payloads
- 📑 case-studies.md – Real-world API security case studies
- 📆 timeline.md – Attack & defense timeline
- 📘 resources.md – Additional resources
- 📘 glossary.md – API security glossary
- 📘 index.md – Program overview
- 📘 references.md – References & sources
- 📘 roadmap.md – Learning roadmap
- 📘 syllabus.md – Course syllabus
Screenshots: 📘 Modules Overview, 🔐 API Security Basics, 🧪 Pentesting Labs
🎓 API Penetration Testing (ApiSec University)
This course enhanced my pentesting workflow for APIs.
The hands-on labs on authentication bypass, injection, and rate limiting provided real attack/defense experience.
Cheatsheets and case studies reinforced OWASP API Top 10 understanding, making it a great starting point for API penetration testing professionals.
Thành Danh – Red Team Learner & Security Researcher
- GitHub: @ngvuthdanhh
- Email: ngvu.thdanh@gmail.com
This project is licensed under the terms of the MIT License. See LICENSE for full details.
© 2025 ngvuthdanhh. All rights reserved.