Offensive API Exploitation and Security (OAES)
40 hours of training with 38 modules
API stands for Application Programming Interface. APIs are widely used by web, mobile, IoT, and desktop applications, and many more, to communicate with each other.

Hacker Associate will provide you with a custom VM specially designed for API penetration testing, with all tools properly configured to check for security flaws in modern APIs.
Nowadays, everything is an API: whenever you visit a web page or click on a link, you are communicating with an API.

The OAES-308 certification program is completely hands-on, and advanced CTF (capture the flag) labs are introduced for each candidate.

The OAES-308 certification program focuses on complete API exploitation and defense techniques. We will look in detail at standards such as SOAP, XML, REST, and GraphQL, along with best practices.

We will also learn how to penetration-test cloud-based web APIs and go through advanced techniques and industry best practices for modern web applications, mobile apps, and desktop applications.
Example: Goibibo for booking flight tickets, BookMyShow for movie tickets, and many more; nowadays, we rely entirely on APIs.

You can watch the full API video to understand how APIs work.
- Software Engineer
- Security Expert
- Application Developer
- Web Developer
- Backend Developer
- Penetration Tester
- Ethical Hacker
- Anybody who wants to add API Security and OAuth skills to their CV
There are no prerequisites for this course. We will learn each module from scratch.
Module-1- Brief Introduction to API and case study
Module-2- HTTP and HTTPS basics
Module-3- Brief Introduction to TLS/SSL and how encryption works
Module-4- API Standards in Detail
Module-5- Lab Setup for Offensive API Penetration Testing
Module-6- Python Lab Setup for API Penetration Testing
Module-7- Modern API Attacks and Countermeasures
Module-8- Securing API and case study
Module-9- Proxy Tools and configuration (Burp Suite and Fiddler)
Module-10- Exploring Hidden Features of Burp for API Exploitation
Module-11- TOP-20 API Industry-based Tools and configuration
Module-12- Fuzzing API using custom scripts
Module-13- Crafting a series of attacks for API Exploitation
Module-14- API Reconnaissance and Fingerprinting
Module-15- REST-API Crafting attacks
Module-16- Brief Introduction to JWT Token
Module-17- Brief Introduction to Session, Cookie & Tokens
Module-18- JWT Token Bypassing Technique
Module-19- Cryptographic Algorithm Attack
Module-20- UBER/GITHUB API Endpoint Analysis
Module-21- Brief Introduction to OAuth 1 and OAuth 2
Module-22- Brief Introduction to OpenID
Module-23- Attack OAuth Token
Module-24- Open REDIRECT Attack
Module-25- XSS and CSRF Attack on OAuth
Module-26- DOS/DDOS Attack on API
Module-27- Implicit Attack Flow
Module-28- Bruteforcing Attack on Token
Module-29- Pure Bruteforcing Attack on API
Module-30- Authentication Bypass
Module-31- IDOR Attacks Flow and Hands-on
Module-32- Identifying SQL Injection on API
Module-33- SQL Injection Attack on API
Module-34- RCE Attack Flow and Hands-on
Module-35- Mitigation of all API Attacks
Module-36- Hash Cracking Technique
Module-37- Public/Private Key Attacking technique
Module-38- OAES Exam Walkthrough
Module-39- OWASP API Security Top 10
Module-40- OAuth2 Client CSRF Attack
Module-41- OAuth2 Authorization Server CSRF
Module-42- CVE-2016-4977 (Vulnerable Version of Spring's OAuth)