API Security University & PortSwigger Web Security Academy Study Notes
- CASA - Certified API Security Analyst Exam
- ASCP - API Security Certified Professional Exam
- ACP - APIsec Certified Practitioner
- BSCP - Burp Suite Certified Practitioner
Thanks to all for your support by buying me coffee, thank you so much
\o/
- OWASP API Security Top 10
  - API1:2023 Broken Object Level Authorization
  - API2:2023 Broken Authentication
  - API3:2023 Broken Object Property Level Authorization
  - API4:2023 Unrestricted Resource Consumption
  - API5:2023 Broken Function Level Authorization
  - API6:2023 Unrestricted Access to Sensitive Business Flows
  - API7:2023 Server Side Request Forgery
  - API8:2023 Security Misconfiguration
  - API9:2023 Improper Inventory Management
  - API10:2023 Unsafe Consumption of APIs
- Injection, Insufficient Logging and Monitoring & Business Logic Flaws
- API Documentation
  - Business Impact of API Documentation
  - How to Write Good Documentation
  - Documentation Techniques and Tools
  - Documentation Best Practices
- 2B completed
- Cross Origin Resource Sharing (CORS)
- Error Disclosure
- Information Leak
- Insecure Cookies
- Path Traversal
- Rate Limits
- API Lab Setup & Discovery
- API Reconnaissance
- Endpoint Analysis
- Authentication Attacks
- Exploiting Authorization
- Testing for Improper Assets Management
- Mass Assignment
- Exploiting SSRF
- Evasive Maneuvers
- Injection Attacks & WAF Rate Limiting
- Extra Additional Resources
- CASA - 100 multiple choice questions Exam in 2 hours
- ASCP Practical 12 hours hands-on Exam
- crAPI OWASP Solution Challenges - walkthrough
- Roger's Blog on ASCP Exam attempts
- TCM Security - API Hacking Course by Alex Olsen
- HackTheBox Academy - API Attacks