Learning API Security Made Easy - APISEC University

Introduction

Modern web and mobile applications have Application Program Interfaces (APIs). However, many APIs are vulnerable to attacks that businesses are unaware of. This is a rapidly growing topic in the cybersecurity world, as many new companies are developing Software-as-a-Service (SaaS) applications. In this blog, we will introduce a platform that offers numerous resources for learning API Security.

Proud Partners of APISEC

At MRE Security, we are thrilled to announce that we are officially partnered with APISEC/APISEC University. This platform is incredible for learning API Security, and here’s why. Not only do they offer fantastic courses that are entirely free, but each year, they host an APISEC|CON where a group of security professionals discuss various vulnerabilities they have identified in real-world applications and how to begin learning API security.

What Does This Partnership Mean for You?

This means that MRE Security and APISEC will begin producing content to help people learn the fundamentals and advanced skills of API Security. While I cannot go into specifics in this blog, let’s say we have several projects in the works that will be shared soon. Expect to see new videos, walkthroughs, blogs, and more! Let’s not forget about giveaways for certifications.

This partnership is a significant step toward making API security education more accessible and impactful.

What does APISEC do

As previously stated, all courses are entirely free of charge as of the time of this post. Some of the courses available include how to read API documentation, the OWASP API Top 10, securing API servers, API security fundamentals, and more.

While they offer fantastic courses, they also provide various certifications that can enhance your API security skillset. These certifications are paid but reasonably priced. Here’s a breakdown of the certifications. These certifications do not expire as of the time of this blog post.

• Certified API Security Analyst (CASA) - This is an entry-level certification that covers the OWASP API Security Top 10 and Beyond! course. The certification consists of 100 multiple-choice questions with an 80% pass rate. The price point is $125, with a $75 retake fee. After completing the certification, you will get a Credly badge and certification that can be put on LinkedIn and your resume.
• APIsec Certified Practitioner (ACP) - This is an entry-level certification that requires completion of five courses before taking the exam. This is a more comprehensive exam than the CASA, as you will need to provide more information about documentation, authentication methods, securing an API, and other related topics. There are 100 questions, and you must secure at least 80% to pass. After you pass, you will receive a Credly badge and a certification.
• API Security Certified Professional (ASCP) - This is a more advanced and practical certification that requires you to understand documentation and identify and exploit vulnerabilities within two applications. To pass, you will need to identify 6 out of 8 flags. With the price of $425 and a free retake, this is a fantastic certification to level up, understand API security, and read the documentation. A comprehensive review of the certification can be found in “How to Pass the ASCP Exam.” You will receive a challenge coin and a physical certification from APISEC upon passing the certification.

Not only is APISec a university, but they also created an automated API scanner. This scanner helps quickly identify vulnerabilities within an API. This is a freemium product, meaning it offers both a free version and a paid pro version. All the user needs is a link to the API documentation or a Postman Collection/OpenAPI-formatted file. You can explore additional options here.

Conclusion

As stated by APISEC, “As APIs have become the foundation of web and mobile applications, securing them is no longer optional—it’s essential.” Don’t miss out on this opportunity. As many new companies start to build various SaaS applications, they will need their APIs tested for vulnerabilities, which will increase the demand for skilled professionals in this field. APISec University does a fantastic job of helping people break into the API security space, providing free courses, certifications, and an automated scanner for both company and personal use. To use the scanner, ensure you have proper permissions to scan the API before proceeding.

Start your API security journey today at apisecuniversity.com.