Welcome to Andy Infosec (9021928862 )

  • info@andyinfosec.com
  • Training|Research|Services, 303 RK One, Dam Road, Rasta Peth, Pune, Maharashtra, India


API stands for Application Programming Interface which is widely used on the internet for Web Applications, mobile, IoT, desktop applications, and much more as shown in examples above. The modern application uses the API to call or execute the actions or the activities of the user. Customers or service users are exposed to the API architecture or structure.

This API exploitation and security course are designed for core professionals and learners who focus more on the implementation and security of API endpoints and communications.





  • Introduction to API Security Testing
  • Different Approach to API Security Testing 
  • Tools and Frameworks for API Security Testing
  • Traditional API testing v/s API Security testing
  • API Endpoint Analysis
  • GRC & Code quality in API Security
  • Setup API Live Test Case Environment
  • API Penetration Testing Methodologies
  • API Security Testing & Audit control checklists
  • Discovering Leaky APIS|Hidden APIS - RECONNAISSANCE
  • API Authentication and Authorization Vulnerabilities
  • API Attacks
  • OWASP API Top 10
  • Mitigation of all API Attacks



 Prerequisite - Must have basic understanding of API, VAPT and other Penetration Testing techniques.