Getting Started in API Pen-Testing
This 60-minute course will get you on your way to pen testing APIs. Learn pen testing basics including attack vectors, methodologies, OWASP API Top 10, AI tools, hacking tips, and documentation, with a shift-left approach and practical techniques.
(Earn 1 CPE)
Course Topics
Course Overview
The Introduction covers the course layout including key concepts and what to know and do before, during, and after API pen-testing.
Part 1: Key Concepts
Cover key concepts in API pen-testing including attack vectors, SAST vs DAST vs HAST, and shift-left testing in the SDLC.
Part 2: Before Testing
What to do before pen-testing, including your API pen-testing checklist, automated scanning tools, and API discovery methods.
Part 3: During Testing
Learn where to start when hacking an API and walk through hacking tips mapped to each of the OWASP API Top 10.
Part 4: After Testing
Master pen-testing reports: executive summary, scope, methodology, findings, recommendations, and conclusion. Learn what to emphasize for clarity.
Conclusion and Best Practices
Cover API-specific risks (e.g. exposed data, BOLA, IDOR). Learn to think like attackers, act ethically, and continuously strengthen defenses in pen-testing.
Meet the Instructor
Teresa Pereira
Teresa Pereira is a Cyber Threat Hunter at Siemens Energy with expertise in penetration testing, API security, and threat analysis. Previously at KPMG Portugal, she specialized in vulnerability exploitation, social engineering, and API pentesting. A speaker at apidays Paris 2023 and apidays London 2024, Teresa holds certifications like API Security Certified Professional (ASCP) and Certified in Cybersecurity (CC). Ranked in the top 6% on TryHackMe, she also serves as an APIsec University Ambassador. With a Computer Engineering degree and a passion for mentoring, Teresa is dedicated to enhancing cybersecurity awareness and resilience across industries.
Earn your APIsec University Certificate
Earn an APIsec University certificate and badge for completing any of our courses.
Post your badge on LinkedIn and share your accomplishments. You can even receive CPE credits for taking these courses.