When will I receive my Course Certificate?

If you complete the course successfully, your electronic Course Certificate will be added to your Accomplishments page - from there, you can print your Course Certificate or add it to your LinkedIn profile.

Why can’t I audit this course?

This course is currently available only to learners who have paid or received financial aid, when available.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Pentesting APIs

抓住节省的机会！购买 Coursera Plus 3 个月课程可享受40% 的折扣，并可完全访问数千门课程。

Pentesting APIs

位教师：Packt - Course Instructors

包含在中

了解更多

10个模块

深入了解一个主题并学习基础知识。

中级等级

推荐体验

3 周完成

在 10 小时一周

灵活的计划

自行安排学习进度

10个模块

深入了解一个主题并学习基础知识。

中级等级

推荐体验

3 周完成

在 10 小时一周

灵活的计划

自行安排学习进度

您将学到什么

Understand the role of APIs in modern applications and their security challenges
Set up a penetration testing environment for API security testing
Identify and exploit common API vulnerabilities through practical techniques

您将获得的技能

您将学习的工具

要了解的详细信息

可分享的证书

添加到您的领英档案

了解顶级公司的员工如何掌握热门技能

了解关于 Coursera for Business 的更多信息

Petrobras, TATA, Danone, Capgemini, P&G 和 L'Oreal 的徽标

该课程共有10个模块

This course provides learners with the essential skills to secure APIs against evolving cyber threats. You will master real-world techniques for discovering vulnerabilities, fingerprinting, and exploiting APIs to identify weaknesses and implement effective security measures. API security is critical in today’s digital world, where APIs are core components of modern applications.

You will learn how to set up an environment for penetration testing, assess API security, and apply expert techniques to protect APIs from common threats. Practical exercises focus on real-world scenarios, equipping you with the skills to proactively defend APIs against exploitation. The course stands out by combining theory with hands-on practice, offering a comprehensive guide to identifying, testing, and securing APIs. You’ll explore vulnerabilities in both RESTful and GraphQL APIs, gaining expert insights into real-world cybersecurity challenges. This course is ideal for security engineers, developers, and analysts with a basic understanding of web development and cybersecurity. It’s designed for those looking to enhance their skills in API security and protection.

In this section, we explore APIs, their types, protocols, and security principles, emphasizing their role in system integration and the risks of poor security practices.

涵盖的内容

2个视频6篇阅读材料1个作业

In this section, we guide the setup of a secure penetration testing environment, focusing on tool selection, lab configuration, and repository usage for practical API testing.

涵盖的内容

1个视频4篇阅读材料1个作业

In this section, we explore API reconnaissance techniques, including enumeration, OSINT, and analyzing documentation to identify vulnerabilities and improve security practices.

涵盖的内容

1个视频5篇阅读材料1个作业

1个视频总计1分钟

API Reconnaissance and Information Gathering - Overview Video 1分钟

5篇阅读材料总计140分钟

Introduction 30分钟
Looking at crAPI 30分钟
Analyzing API Documentation and Endpoints 30分钟
Leveraging OSINT 20分钟
Identifying Data and Schema Structures 30分钟

1个作业总计10分钟

API Security and Information Gathering Fundamentals 10分钟

In this section, we cover API authentication and authorization testing, including weak credentials and access control issues.

涵盖的内容

1个视频9篇阅读材料1个作业

1个视频总计1分钟

Authentication and Authorization Testing - Overview Video 1分钟

9篇阅读材料总计210分钟

Introduction 20分钟
Basic Authentication 20分钟
Session Tokens 30分钟
JSON Web Tokens (JWTs) 30分钟
Testing for Weak Credentials and Default Accounts 20分钟
Common Credentials and Default Accounts 20分钟
Exploring Authorization Mechanisms 20分钟
Attribute-based Access Control 20分钟
Bypassing Access Controls 30分钟

1个作业总计10分钟

Authentication and Authorization Fundamentals 10分钟

In this section, we explore injection vulnerabilities, testing SQL and NoSQL injection, and validating user input to enhance API security and prevent data breaches.

涵盖的内容

1个视频8篇阅读材料1个作业

1个视频总计1分钟

Injection Attacks and Validation Testing - Overview Video 1分钟

8篇阅读材料总计210分钟

Introduction 30分钟
Testing for SQL Injection 30分钟
Hidden Union SQL Injection 30分钟
Exploiting SQL Injection on a Vulnerable API 30分钟
Testing for NoSQL Injection 20分钟
Operator Injection 30分钟
Validating and Sanitizing User Input 20分钟
Sanitizing Query Parameters 20分钟

1个作业总计10分钟

Injection Attacks and Input Validation 10分钟

In this section, we explore error handling in APIs, focusing on identifying error codes, fuzzing for vulnerabilities, and leveraging error responses for infrastructure analysis.

涵盖的内容

1个视频3篇阅读材料1个作业

In this section, we explore testing for DoS vulnerabilities, identifying rate-limiting mechanisms, and evaluating their effectiveness to enhance API resilience against malicious traffic.

涵盖的内容

1个视频7篇阅读材料1个作业

1个视频总计1分钟

Denial of Service and Rate-Limiting Testing - Overview Video 1分钟

7篇阅读材料总计200分钟

Introduction 30分钟
Interacting with Mockoon’s Endpoints 30分钟
Leveraging Scapy to Attack Mockoon 20分钟
Sending Fragmented Packets with hping3 30分钟
Identifying Rate-Limiting Mechanisms 30分钟
Leaky Buckets 30分钟
Circumventing Rate Limitations 30分钟

1个作业总计10分钟

API Security and Traffic Control 10分钟

In this section, we explore identifying sensitive data exposure, testing for information leakage, and implementing prevention strategies in APIs to enhance security and reduce vulnerabilities.

涵盖的内容

1个视频5篇阅读材料1个作业

In this section, we examine API abuse and business logic testing, focusing on identifying vulnerabilities, simulating abuse scenarios, and implementing security measures to prevent exploitation.

涵盖的内容

1个视频7篇阅读材料1个作业

1个视频总计1分钟

API Abuse and Business Logic Testing - Overview Video 1分钟

7篇阅读材料总计190分钟

Introduction 30分钟
Exploring API Abuse Scenarios 30分钟
Setting Up OpenBullet2 20分钟
Creating a Configuration and Attacking 30分钟
Other Features and Security Recommendations 30分钟
Parameter Tampering 30分钟
Testing for Business Logic Vulnerabilities 20分钟

1个作业总计10分钟

Exploring API Security and Business Logic Risks 10分钟

In this section, we explore secure coding practices for APIs, focusing on authentication, input validation, and encryption to prevent vulnerabilities and ensure data integrity.

涵盖的内容

1个视频3篇阅读材料1个作业

位教师

Packt - Course Instructors

Packt

1,542 门课程 418,493 名学生

提供方

Packt

从 Software Development 浏览更多内容

状态：免费试用
EDUCBA
Apply API Testing Fundamentals Using Postman
课程
状态：免费试用
Edureka
Protecting and Managing APIs
课程
Coursera
API Testing a real web application via Postman
指导项目
Coursera
Building API Test Automation Framework Using Rest Assured
指导项目

人们为什么选择 Coursera 来帮助自己实现职业发展

Felipe M.

自 2018开始学习的学生

''能够按照自己的速度和节奏学习课程是一次很棒的经历。只要符合自己的时间表和心情，我就可以学习。'

Jennifer J.

自 2020开始学习的学生

''我直接将从课程中学到的概念和技能应用到一个令人兴奋的新工作项目中。'

Larry W.

自 2021开始学习的学生

''如果我的大学不提供我需要的主题课程，Coursera 便是最好的去处之一。'

Chaitanya A.

''学习不仅仅是在工作中做的更好：它远不止于此。Coursera 让我无限制地学习。'

通过 Coursera Plus 开启新生涯

无限制访问 10,000+ 世界一流的课程、实践项目和就业就绪证书课程 - 所有这些都包含在您的订阅中

了解更多

通过在线学位推动您的职业生涯

获取世界一流大学的学位 - 100% 在线

探索学位

加入超过 3400 家选择 Coursera for Business 的全球公司

提升员工的技能，使其在数字经济中脱颖而出

了解更多

常见问题

Yes, you can preview the first video and view the syllabus before you enroll. You must purchase the course to access content not included in the preview.

If you decide to enroll in the course before the session start date, you will have access to all of the lecture videos and readings for the course. You’ll be able to submit assignments once the session starts.

Once you enroll and your session begins, you will have access to all videos and other resources, including reading items and the course discussion forum. You’ll be able to view and submit practice assessments, and complete required graded assignments to earn a grade and a Course Certificate.

Pentesting APIs

Pentesting APIs

您将学到什么

您将获得的技能

您将学习的工具

要了解的详细信息

了解顶级公司的员工如何掌握热门技能

该课程共有10个模块

Understanding APIs and Their Security Landscape

涵盖的内容

Setting Up the Penetration Testing Environment

涵盖的内容

API Reconnaissance and Information Gathering

涵盖的内容

Authentication and Authorization Testing

涵盖的内容

Injection Attacks and Validation Testing

涵盖的内容

Error Handling and Exception Testing

涵盖的内容

Denial of Service and Rate-Limiting Testing

涵盖的内容

Data Exposure and Sensitive Information Leakage

涵盖的内容

API Abuse and Business Logic Testing

涵盖的内容

Secure Coding Practices for APIs

涵盖的内容

位教师

提供方

从 Software Development 浏览更多内容

Apply API Testing Fundamentals Using Postman

Protecting and Managing APIs

API Testing a real web application via Postman

Building API Test Automation Framework Using Rest Assured

人们为什么选择 Coursera 来帮助自己实现职业发展

Felipe M.

Jennifer J.

Larry W.

Chaitanya A.

通过 Coursera Plus 开启新生涯

通过在线学位推动您的职业生涯

加入超过 3400 家选择 Coursera for Business 的全球公司

常见问题

Can I preview a course before enrolling?

When will I have access to the lectures and assignments?

What will I get when I enroll?

更多问题