When will I receive my Course Certificate?

If you complete the course successfully, your electronic Course Certificate will be added to your Accomplishments page - from there, you can print your Course Certificate or add it to your LinkedIn profile.

Why can’t I audit this course?

This course is currently available only to learners who have paid or received financial aid, when available.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Pentesting APIs

Pentesting APIs

Instructor: Packt - Course Instructors

10 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

3 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

10 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

3 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

What you'll learn

Understand the role of APIs in modern applications and their security challenges
Set up a penetration testing environment for API security testing
Identify and exploit common API vulnerabilities through practical techniques

Details to know

Shareable certificate

Add to your LinkedIn profile

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

There are 10 modules in this course

This course provides learners with the essential skills to secure APIs against evolving cyber threats. You will master real-world techniques for discovering vulnerabilities, fingerprinting, and exploiting APIs to identify weaknesses and implement effective security measures. API security is critical in today’s digital world, where APIs are core components of modern applications.

You will learn how to set up an environment for penetration testing, assess API security, and apply expert techniques to protect APIs from common threats. Practical exercises focus on real-world scenarios, equipping you with the skills to proactively defend APIs against exploitation. The course stands out by combining theory with hands-on practice, offering a comprehensive guide to identifying, testing, and securing APIs. You’ll explore vulnerabilities in both RESTful and GraphQL APIs, gaining expert insights into real-world cybersecurity challenges. This course is ideal for security engineers, developers, and analysts with a basic understanding of web development and cybersecurity. It’s designed for those looking to enhance their skills in API security and protection.

In this section, we explore APIs, their types, protocols, and security principles, emphasizing their role in system integration and the risks of poor security practices.

What's included

2 videos6 readings1 assignment

2 videos Total 2 minutes

Course Overview 1 minute
Understanding APIs and Their Security Landscape - Overview Video 1 minute

6 readings Total 170 minutes

Introduction 30 minutes
A Brief History of APIs 20 minutes
API Types and Protocols 30 minutes
REST 30 minutes
gRPC 30 minutes
GraphQL 30 minutes

1 assignment Total 10 minutes

API Security and Communication Fundamentals 10 minutes

In this section, we guide the setup of a secure penetration testing environment, focusing on tool selection, lab configuration, and repository usage for practical API testing.

What's included

1 video4 readings1 assignment

In this section, we explore API reconnaissance techniques, including enumeration, OSINT, and analyzing documentation to identify vulnerabilities and improve security practices.

What's included

1 video5 readings1 assignment

1 video Total 1 minute

API Reconnaissance and Information Gathering - Overview Video 1 minute

5 readings Total 140 minutes

Introduction 30 minutes
Looking at crAPI 30 minutes
Analyzing API Documentation and Endpoints 30 minutes
Leveraging OSINT 20 minutes
Identifying Data and Schema Structures 30 minutes

1 assignment Total 10 minutes

API Security and Information Gathering Fundamentals 10 minutes

In this section, we cover API authentication and authorization testing, including weak credentials and access control issues.

What's included

1 video9 readings1 assignment

1 video Total 1 minute

Authentication and Authorization Testing - Overview Video 1 minute

9 readings Total 210 minutes

Introduction 20 minutes
Basic Authentication 20 minutes
Session Tokens 30 minutes
JSON Web Tokens (JWTs) 30 minutes
Testing for Weak Credentials and Default Accounts 20 minutes
Common Credentials and Default Accounts 20 minutes
Exploring Authorization Mechanisms 20 minutes
Attribute-based Access Control 20 minutes
Bypassing Access Controls 30 minutes

1 assignment Total 10 minutes

Authentication and Authorization Fundamentals 10 minutes

In this section, we explore injection vulnerabilities, testing SQL and NoSQL injection, and validating user input to enhance API security and prevent data breaches.

What's included

1 video8 readings1 assignment

1 video Total 1 minute

Injection Attacks and Validation Testing - Overview Video 1 minute

8 readings Total 210 minutes

Introduction 30 minutes
Testing for SQL Injection 30 minutes
Hidden Union SQL Injection 30 minutes
Exploiting SQL Injection on a Vulnerable API 30 minutes
Testing for NoSQL Injection 20 minutes
Operator Injection 30 minutes
Validating and Sanitizing User Input 20 minutes
Sanitizing Query Parameters 20 minutes

1 assignment Total 10 minutes

Injection Attacks and Input Validation 10 minutes

In this section, we explore error handling in APIs, focusing on identifying error codes, fuzzing for vulnerabilities, and leveraging error responses for infrastructure analysis.

What's included

1 video3 readings1 assignment

In this section, we explore testing for DoS vulnerabilities, identifying rate-limiting mechanisms, and evaluating their effectiveness to enhance API resilience against malicious traffic.

What's included

1 video7 readings1 assignment

1 video Total 1 minute

Denial of Service and Rate-Limiting Testing - Overview Video 1 minute

7 readings Total 200 minutes

Introduction 30 minutes
Interacting with Mockoon’s Endpoints 30 minutes
Leveraging Scapy to Attack Mockoon 20 minutes
Sending Fragmented Packets with hping3 30 minutes
Identifying Rate-Limiting Mechanisms 30 minutes
Leaky Buckets 30 minutes
Circumventing Rate Limitations 30 minutes

1 assignment Total 10 minutes

API Security and Traffic Control 10 minutes

In this section, we explore identifying sensitive data exposure, testing for information leakage, and implementing prevention strategies in APIs to enhance security and reduce vulnerabilities.

What's included

1 video5 readings1 assignment

In this section, we examine API abuse and business logic testing, focusing on identifying vulnerabilities, simulating abuse scenarios, and implementing security measures to prevent exploitation.

What's included

1 video7 readings1 assignment

1 video Total 1 minute

API Abuse and Business Logic Testing - Overview Video 1 minute

7 readings Total 190 minutes

Introduction 30 minutes
Exploring API Abuse Scenarios 30 minutes
Setting Up OpenBullet2 20 minutes
Creating a Configuration and Attacking 30 minutes
Other Features and Security Recommendations 30 minutes
Parameter Tampering 30 minutes
Testing for Business Logic Vulnerabilities 20 minutes

1 assignment Total 10 minutes

Exploring API Security and Business Logic Risks 10 minutes

In this section, we explore secure coding practices for APIs, focusing on authentication, input validation, and encryption to prevent vulnerabilities and ensure data integrity.

What's included

1 video3 readings1 assignment

Instructor

Packt - Course Instructors

Packt

1,471 Courses 392,127 learners

Offered by

Packt

Why people choose Coursera for their career

Felipe M.

Learner since 2018

"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."

Jennifer J.

Learner since 2020

"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."

Larry W.

Learner since 2021

"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."

Chaitanya A.

"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Open new doors with Coursera Plus

Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Learn more

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Explore degrees

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Learn more

Frequently asked questions

Yes, you can preview the first video and view the syllabus before you enroll. You must purchase the course to access content not included in the preview.

If you decide to enroll in the course before the session start date, you will have access to all of the lecture videos and readings for the course. You’ll be able to submit assignments once the session starts.

Once you enroll and your session begins, you will have access to all videos and other resources, including reading items and the course discussion forum. You’ll be able to view and submit practice assessments, and complete required graded assignments to earn a grade and a Course Certificate.

Pentesting APIs

Pentesting APIs

What you'll learn

Details to know

See how employees at top companies are mastering in-demand skills

There are 10 modules in this course

Understanding APIs and Their Security Landscape

What's included

Setting Up the Penetration Testing Environment

What's included

API Reconnaissance and Information Gathering

What's included

Authentication and Authorization Testing

What's included

Injection Attacks and Validation Testing

What's included

Error Handling and Exception Testing

What's included

Denial of Service and Rate-Limiting Testing

What's included

Data Exposure and Sensitive Information Leakage

What's included

API Abuse and Business Logic Testing

What's included

Secure Coding Practices for APIs

What's included

Instructor

Offered by

Why people choose Coursera for their career

Felipe M.

Jennifer J.

Larry W.

Chaitanya A.

Open new doors with Coursera Plus

Advance your career with an online degree

Join over 3,400 global companies that choose Coursera for Business

Frequently asked questions

Can I preview a course before enrolling?

When will I have access to the lectures and assignments?

What will I get when I enroll?

More questions