API Badge

29 Videos
25 Exercises

Patch Review Exercises

Exercises

Easy
API 01
  • This exercise is the API version of an exercise you already solved in the Essential Badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
  • 1 video
  • Completed by 2629 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • cwe-639,cwe-284

 

Easy
API 02
  • This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
  • 1 video
  • Completed by 2192 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-327

 

Easy
API 03
  • This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
  • 1 video
  • Completed by 1661 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-327

 

Easy
API 04
  • This exercise covers how one can inspect JavaScript code to identify unused endpoints.
  • 1 video
  • Completed by 1632 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-1028

 

Easy
API 05
  • This exercise covers how one can inspect JavaScript code to identify unused endpoints.
  • 1 video
  • Completed by 1560 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-1028

 

Easy
API 06
  • This exercise covers how one can inspect JavaScript code to identify unused endpoints.
  • 1 video
  • Completed by 1291 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-1028

 

Medium
API 07
  • This exercise covers how one can inspect JavaScript code to identify information leak.
  • 1 video
  • Completed by 1143 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-950

 

Medium
API 08
  • This exercise covers how one can inspect HTTP responses to identify information leaks.
  • 1 video
  • Completed by 1076 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-200

 

Medium
API 09
  • This exercise covers how one can inspect HTTP responses to identify information leaks.
  • 1 video
  • Completed by 239 students
  • Takes < 1 Hr. on average
  • Rails/Angular

 

Medium
API 10
  • This exercise covers a common filter bypass in API.
  • 1 video
  • Completed by 142 students
  • Takes < 1 Hr. on average
  • Golang/Vue

 

Medium
API 11
  • This exercise covers a common filter bypass in API.
  • 1 video
  • Completed by 134 students
  • Takes < 1 Hr. on average
  • Golang/Vue

 

Medium
API 12
  • This exercise covers a common filter bypass in API.
  • 1 video
  • Completed by 119 students
  • Takes < 1 Hr. on average
  • Golang/Vue

 

Hard
API 13
  • This exercise covers a complex filter bypass in API.
  • 1 video
  • Completed by 109 students
  • Takes < 1 Hr. on average
  • Golang/Vue

 

Medium
API 14
  • This exercise covers how to exploit a leaked encrypted password with an API.
  • 1 video
  • Completed by 112 students
  • Takes < 1 Hr. on average
  • Golang/Vue

 

Hard
API 15
  • This exercise covers how to exploit a leaked encrypted password with an API.
  • 1 video
  • Completed by 94 students
  • Takes 1-2 Hrs. on average
  • Golang/Vue

 

Coming soon
Medium
API Mobile 01
  • This exercise covers how you can intercept traffic from a mobile application and uses this to gain access to sensitive information.
  • Takes -- on average
  • Node/React Native

 

Easy
API Payments 01
  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 1208 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-288,CWE-354,CWE-472

 

Medium
API Payments 02
  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 990 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-354,CWE-472

 

Medium
API Payments 03
  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 843 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-354,CWE-472

 

Medium
API Payments 04
  • This exercise covers how to abuse a shopping cart allowing users to apply a voucher..
  • 2 videos
  • Completed by 738 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-472

 

Hard
API Payments 05
  • This exercise covers how to abuse a shopping cart allowing users to apply a voucher.
  • 1 video
  • Completed by 526 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-345,CWE-693

 

Medium
API Payments 06
  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 571 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-472

 

Medium
API Payments 07
  • This exercise covers a way to manipulate a shopping cart to lower the total amount
  • 2 videos
  • Completed by 540 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-353

 

Medium
Mongo IDOR
  • This challenge covers how to exploit an IDOR when Mongo IDs are used
  • 1 video
  • Completed by 741 students
  • Takes < 1 Hr. on average
  • ROR/MongoDB

 

Coming soon
Medium
Mongo IDOR II
  • This challenge covers how to recover a Mongo ID to leverage an IDOR
  • Takes -- on average
  • ROR/MongoDB