API Badge
23 Completed
34 Videos
41 Exercises
The API badge is our set of exercises created to help you learn API testing. The first few challenges are based on challenges you have already solved, so you can build confidence with API testing and review your knowledge and methodology. Harder challenges then take you to the next level.
Exercises
Medium
PENTESTERLAB
API 08
- This exercise covers how one can inspect HTTP responses to identify information leaks.
- 1 video
- Completed by 1385 students
- Takes < 1 Hr. on average
- Rails/Angular
- CWE-200
Medium
PENTESTERLAB
API 09
- This exercise covers how one can inspect HTTP responses to identify information leaks.
- 1 video
- Completed by 548 students
- Takes < 1 Hr. on average
- Rails/Angular
Medium
PENTESTERLAB
API 10
- This exercise covers a common filter bypass in an API.
- 1 video
- Completed by 454 students
- Takes < 1 Hr. on average
- Golang/Vue
Medium
PENTESTERLAB
API 11
- This exercise covers a common filter bypass in an API.
- 1 video
- Completed by 429 students
- Takes < 1 Hr. on average
- Golang/Vue
Medium
PENTESTERLAB
API 12
- This exercise covers a common filter bypass in an API.
- 1 video
- Completed by 399 students
- Takes < 1 Hr. on average
- Golang/Vue
Hard
PENTESTERLAB
API 13
- This exercise covers a complex filter bypass in an API.
- 1 video
- Completed by 363 students
- Takes < 1 Hr. on average
- Golang/Vue
Medium
PENTESTERLAB
API 14
- This exercise covers how to exploit a leaked encrypted password with an API.
- 1 video
- Completed by 376 students
- Takes < 1 Hr. on average
- Golang/Vue
Hard
PENTESTERLAB
API 15
- This exercise covers how to exploit a leaked encrypted password with an API.
- 1 video
- Completed by 315 students
- Takes < 1 Hr. on average
- Golang/Vue
Medium
PENTESTERLAB
API 16
- This exercise covers how to exploit an authorization issue in an API.
- 1 video
- Completed by 202 students
- Takes < 1 Hr. on average
- Golang
Medium
PENTESTERLAB
API 17
- This exercise covers how to exploit an authorization issue in an API.
- 1 video
- Completed by 146 students
- Takes < 1 Hr. on average
- Golang
Medium
PENTESTERLAB
API 18
- This exercise covers how to exploit an authorization issue in an API.
- 1 video
- Completed by 134 students
- Takes < 1 Hr. on average
- Golang
Medium
PENTESTERLAB
API 19
- This exercise covers how to exploit an authorization issue in an API.
- 1 video
- Completed by 128 students
- Takes < 1 Hr. on average
- Golang
Medium
PENTESTERLAB
API 20
- This exercise covers how to exploit an authorization issue in an API.
- 1 video
- Completed by 132 students
- Takes < 1 Hr. on average
- Golang
Easy
PENTESTERLAB
API JWT REVOCATION
- This exercise covers how to bypass a weak JWT Revocation Mechanism.
- Completed by 105 students
- Takes < 1 Hr. on average
- Ruby-on-Rails
- jwt
Medium
PENTESTERLAB
API Payments 02
- This exercise covers a simple payments bypass.
- 2 videos
- Completed by 1231 students
- Takes < 1 Hr. on average
- Rails/Angular
- CWE-354, CWE-472
Medium
PENTESTERLAB
API Payments 03
- This exercise covers a simple payments bypass.
- 2 videos
- Completed by 1071 students
- Takes < 1 Hr. on average
- Rails/Angular
- CWE-354, CWE-472
Medium
PENTESTERLAB
API Payments 04
- This exercise covers how to abuse a shopping cart allowing users to apply a voucher.
- 2 videos
- Completed by 952 students
- Takes < 1 Hr. on average
- Rails/Angular
- CWE-472
Hard
PENTESTERLAB
API Payments 05
- This exercise covers how to abuse a shopping cart allowing users to apply a voucher.
- 1 video
- Completed by 697 students
- Takes < 1 Hr. on average
- Rails/Angular
- CWE-345, CWE-693
Medium
PENTESTERLAB
API Payments 06
- This exercise covers a simple payments bypass.
- 2 videos
- Completed by 777 students
- Takes < 1 Hr. on average
- Rails/Angular
- CWE-472
Medium
PENTESTERLAB
API Payments 07
- This exercise covers a way to manipulate a shopping cart to lower the total amount.
- 2 videos
- Completed by 744 students
- Takes < 1 Hr. on average
- Rails/Angular
- CWE-353
Medium
PENTESTERLAB
Mongo IDOR
- This challenge covers how to exploit an IDOR when Mongo IDs are used.
- 1 video
- Completed by 914 students
- Takes < 1 Hr. on average
- ROR/MongoDB