API Security Certified Professional
Introducing the ASCP
Prove your API hacking skills by taking this hands-on exam. You will have to perform a penetration test of two API-driven applications by discovering vulnerabilities, exploiting weaknesses, and reporting your findings.
Are you an aspiring cybersecurity professional or a seasoned expert looking to prove your skills in the world of web application security? The API Security Certified Professional exam provides the opportunity to validate your abilities and showcase your expertise in live penetration testing of web application programming interfaces (APIs).
Format:
- 12-hour exam
- You pick when to start
- Two API-driven applications to pentest
- One free retake included
- Upon completion, you will receive a physical coin and certificate
- Rules of Engagement (PDF)
Why Should You Obtain the ASCP Certification?
- Boost Your Career: The ASCP certification sets you apart from the competition, proving to employers that you have the knowledge and skills required to effectively secure web APIs.
- Stay Up-to-Date: Keep your skillset current and relevant in a rapidly changing technological landscape by mastering the latest in API security best practices.
- Join an Elite Community: Connect with other ASCP-certified professionals to share knowledge, experiences, and opportunities in the cybersecurity industry.
Purpose
The ASCP exam validates your ability to effectively conduct live penetration testing on web APIs in order to identify and assess potential security vulnerabilities.
The exam will demonstrate that you know how to discover APIs, interact with endpoints, and exploit several weaknesses like Broken Authentication, Mass Assignment, and Broken Object Level Authorization. When you obtain the ASCP, you will prove that you have the skill set to thoroughly test web APIs.
Who is this for?
The ASCP is for anyone looking for a challenge that will demonstrate they have the skills to test web APIs for security weaknesses. Professionally speaking, ASCP is a great certification to have for security engineers, developers, bug bounty hunters, and penetration testers.
The API Penetration Testing course is completely free for anyone that wants to learn about API hacking. Those who would like to certify their knowledge can take the API Penetration Testing exam. The exam is a practical assessment of your ability to test APIs and find vulnerabilities. Students who pass the exam will receive the certification.
Certified API Security Analyst Exam
Ready to put your API security knowledge to the test?
The CASA exam is designed to test your expertise in API security threats, risks, and best practices. Students are expected to have completed the OWASP API Security and Beyond! course before attempting to earn the CASA certification.
About the exam
- Exam format: 100 multiple choice questions / 2 hours
- Certification criteria: Students must answer 80%+ correct
- Study material: OWASP API Security Top 10 and Beyond! course
- Schedule the exam on your own time
Corey Ball
You can design an API you think is ultra-secure, but if you don't test it, then a cybercriminal somewhere is going to do it for you."
Meet the Instructor
Corey Ball
Corey Ball has emerged as one of the leading experts in API security and is the author of Hacking APIs. Corey is a cybersecurity consulting manager at Moss Adams, where he leads its penetration testing services. He has over ten years of experience working in IT and cybersecurity across several industries, including aerospace, agribusiness, energy, financial tech, government services, and healthcare.