API Badge

21 Videos
19 Exercises
Easy image for API 01

API 01

  • This exercise is the API version of an exercise you already solved in the Essential Badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
  • 1 video
  • Completed by 2279 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-639,CWE-284

 

Easy image for API 02

API 02

  • This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
  • 1 video
  • Completed by 1878 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-327

 

Easy image for API 03

API 03

  • This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
  • 1 video
  • Completed by 1377 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-327

 

Easy image for API 04

API 04

  • This exercise covers how one can inspect JavaScript code to identify unused endpoints.
  • 1 video
  • Completed by 1357 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-1028

 

Easy image for API 05

API 05

  • This exercise covers how one can inspect JavaScript code to identify unused endpoints.
  • 1 video
  • Completed by 1291 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-1028

 

Easy image for API Payments 01

API Payments 01

  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 938 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API
  • CWE-288,CWE-354,CWE-472

 

Easy image for API 06

API 06

  • This exercise covers how one can inspect JavaScript code to identify unused endpoints.
  • 1 video
  • Completed by 1058 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-1028

 

Easy image for API Payments 02

API Payments 02

  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 759 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-354,CWE-472

 

Easy image for API Payments 03

API Payments 03

  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 638 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-354,CWE-472

 

Easy image for API Payments 04

API Payments 04

  • This exercise covers how to abuse a shopping cart allowing users to apply a voucher.
  • 2 videos
  • Completed by 541 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-472

 

Easy image for API Payments 06

API Payments 06

  • This exercise covers a simple payments bypass.
  • 2 videos
  • Completed by 382 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-472

 

Easy image for API Payments 07

API Payments 07

  • This exercise covers a way to manipulate a shopping cart to lower the total amount.
  • 2 videos
  • Completed by 353 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-353

 

Easy image for API 07

API 07

  • This exercise covers how one can inspect JavaScript code to identify information leaks.
  • 1 video
  • Completed by 930 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • API, Angular
  • CWE-950

 

Easy image for API 08

API 08

  • This exercise covers how one can inspect HTTP responses to identify information leaks.
  • 1 video
  • Completed by 863 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-200

 

Coming soon
Easy image for API 09

API 09

  • This exercise covers how one can inspect HTTP responses to identify information leaks.
  • Takes -- on average
  • Rails/Angular

 

Easy image for Mongo IDOR

Mongo IDOR

  • This challenge covers how to exploit an IDOR when Mongo IDs are used.
  • Completed by 582 students
  • Takes < 1 Hr. on average
  • ROR/MongoDB

 

Coming soon
Medium image for API Mobile 01

API Mobile 01

  • This exercise covers how you can intercept traffic from a mobile application and use this to gain access to sensitive information.
  • Takes -- on average
  • Node/React Native

 

Coming soon
Medium image for Mongo IDOR II

Mongo IDOR II

  • This challenge covers how to recover a Mongo ID to leverage an IDOR.
  • Takes -- on average
  • ROR/MongoDB

 

Hard image for API Payments 05

API Payments 05

  • This exercise covers how to abuse a shopping cart allowing users to apply a voucher.
  • 1 video
  • Completed by 374 students
  • Takes < 1 Hr. on average
  • Rails/Angular
  • CWE-345,CWE-693