Sign in Create Account

API Badge

The API badge is our set of exercises created to help you learn API testing. The first few challenges are based on challenges you already solved to get you more confident with API testing and review your knowledge and methodology. Then, harder challenges are provided to get you to the next level.

41 exercises 110 completed 43 videos

Exercises

Easy
api badge icon
API 01
  • This exercise is the API version of an exercise you already solved in the Essential Badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
  • 1 video
  • Completed by 3720 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • cwe-639,cwe-284

Easy
api badge icon
API 02
  • This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
  • 1 video
  • Completed by 3194 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-327

Easy
api badge icon
API 03
  • This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
  • 1 video
  • Completed by 2527 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-327

Easy
api badge icon
API 04
  • This exercise covers how one can inspect JavaScript code to identify unused endpoints.
  • 1 video
  • Completed by 2559 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-1028

Easy
api badge icon
API 05
  • This exercise covers how one can inspect JavaScript code to identify unused endpoints.
  • 1 video
  • Completed by 2368 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-1028

Easy
api badge icon
API 06
  • This exercise covers how one can inspect JavaScript code to identify unused endpoints.
  • 1 video
  • Completed by 2051 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-1028

Medium
api badge icon
API 07
  • This exercise covers how one can inspect JavaScript code to identify information leak.
  • 1 video
  • Completed by 1918 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-950

Medium
api badge icon
API 08
  • This exercise covers how one can inspect HTTP responses to identify information leaks.
  • 1 video
  • Completed by 1823 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-200

Medium
api badge icon
API 09
  • This exercise covers how one can inspect HTTP responses to identify information leaks.
  • 1 video
  • Completed by 1019 students
  • Takes < 1 Hr. on average
  • Rails/Angular

Medium
api badge icon
API 10
  • This exercise covers a common filter bypass in API.
  • 1 video
  • Completed by 885 students
  • Takes < 1 Hr. on average
  • Golang/Vue

Medium
api badge icon
API 11
  • This exercise covers a common filter bypass in API.
  • 1 video
  • Completed by 816 students
  • Takes < 1 Hr. on average
  • Golang/Vue

Medium
api badge icon
API 12
  • This exercise covers a common filter bypass in API.
  • 1 video
  • Completed by 774 students
  • Takes < 1 Hr. on average
  • Golang/Vue

Hard
api badge icon
API 13
  • This exercise covers a complex filter bypass in API.
  • 1 video
  • Completed by 697 students
  • Takes < 1 Hr. on average
  • Golang/Vue

Medium
api badge icon
API 14
  • This exercise covers how to exploit a leaked encrypted password with an API.
  • 1 video
  • Completed by 727 students
  • Takes < 1 Hr. on average
  • Golang/Vue

Hard
api badge icon
API 15
  • This exercise covers how to exploit a leaked encrypted password with an API.
  • 1 video
  • Completed by 638 students
  • Takes < 1 Hr. on average
  • Golang/Vue

Medium
api badge icon
API 16
  • This exercise covers how to exploit an authorization issue in an API.
  • 2 videos
  • Completed by 567 students
  • Takes < 1 Hr. on average
  • Golang

Medium
api badge icon
API 17
  • This exercise covers how to exploit an authorization issue in an API.
  • 2 videos
  • Completed by 476 students
  • Takes < 1 Hr. on average
  • Golang

Medium
api badge icon
API 18
  • This exercise covers how to exploit an authorization issue in an API.
  • 2 videos
  • Completed by 563 students
  • Takes < 1 Hr. on average
  • Golang

Medium
api badge icon
API 19
  • This exercise covers how to exploit an authorization issue in an API.
  • 1 video
  • Completed by 550 students
  • Takes < 1 Hr. on average
  • Golang

Medium
api badge icon
API 20
  • This exercise covers how to exploit an authorization issue in an API.
  • 1 video
  • Completed by 532 students
  • Takes < 1 Hr. on average
  • Golang

Easy
api badge icon
API JWT REVOCATION
  • This exercise covers how to bypass a weak JWT Revocation Mechanism.
  • 1 video
  • Completed by 483 students
  • Takes < 1 Hr. on average
  • Ruby-on-Rails
  • JWT

Medium
api badge icon
API Mass-Assignment 01
  • 1 video
  • Completed by 498 students
  • Takes < 1 Hr. on average
  • Ruby-on-Rails

Medium
api badge icon
API Mass-Assignment 02
  • 1 video
  • Completed by 470 students
  • Takes < 1 Hr. on average
  • Ruby-on-Rails

Medium
api badge icon
API Mass-Assignment 03
  • 1 video
  • Completed by 439 students
  • Takes < 1 Hr. on average
  • Ruby-on-Rails

Easy
api badge icon
API Payments 01
  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 2021 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-288,CWE-354,CWE-472

Medium
api badge icon
API Payments 02
  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 1522 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-354,CWE-472

Medium
api badge icon
API Payments 03
  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 1356 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-354,CWE-472

Medium
api badge icon
API Payments 04
  • This exercise covers how to abuse a shopping cart allowing users to apply a voucher..
  • 2 videos
  • Completed by 1247 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-472

Hard
api badge icon
API Payments 05
  • This exercise covers how to abuse a shopping cart allowing users to apply a voucher.
  • 1 video
  • Completed by 934 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-345,CWE-693

Medium
api badge icon
API Payments 06
  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 1028 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-472

Medium
api badge icon
API Payments 07
  • This exercise covers a way to manipulate a shopping cart to lower the total amount
  • 2 videos
  • Completed by 995 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-353

Easy
api badge icon
GraphQL Authorization 01
  • This exercise covers a simple authorization issue in a GraphQL application.
  • 1 video
  • Completed by 438 students
  • Takes < 1 Hr. on average
  • GraphQL/Node

Easy
api badge icon
GraphQL Authorization 02
  • This exercise covers a simple authorization issue in a GraphQL application.
  • 1 video
  • Completed by 448 students
  • Takes < 1 Hr. on average
  • GraphQL/Node

Medium
api badge icon
Mongo IDOR
  • This challenge covers how to exploit an IDOR when Mongo IDs are used
  • 1 video
  • Completed by 1205 students
  • Takes < 1 Hr. on average
  • ROR/MongoDB

Medium
api badge icon
Mongo IDOR II
  • This challenge covers how to recover a Mongo ID to leverage an IDOR
  • Completed by 361 students
  • Takes < 1 Hr. on average
  • ROR/MongoDB

Medium
api badge icon
Mongo IDOR III
  • Completed by 247 students
  • Takes < 1 Hr. on average
  • ROR/MongoDB

Hard
api badge icon
Mongo IDOR IV
  • Completed by 145 students
  • Takes 2-4 Hrs. on average
  • ROR/MongoDB

Medium
api badge icon
ORM LEAK 01
  • This exercise covers how to exploit a simple ORM leak.
  • Completed by 281 students
  • Takes 1-2 Hrs. on average
  • Python

Medium
api badge icon
ORM LEAK 02
  • This exercise covers how to exploit an ORM leak vulnerability
  • Completed by 237 students
  • Takes < 1 Hr. on average
  • Python

Medium
api badge icon
ORM LEAK: SQLite
  • This exercise covers how to exploit an ORM leak vulnerability
  • Completed by 163 students
  • Takes 1-2 Hrs. on average
  • Python

Medium
api badge icon
UUIDv1 IDOR
  • Completed by 223 students
  • Takes 1-2 Hrs. on average
  • ROR