Academy

Know and learn more on API Security.

API Discovery
API Sprawl
API Endpoint
API Gateway
Account Takeover (ATO)
Blue Team
Bots
Bot Attack
Bot Management Tools
Broken Access Controls
Broken Authentication/Broken User Authentication (BUA)
Broken Function Level Authorization (BFLA)
Broken Object Level Authorization (BOLA)
Bug Bounty Program
Business Logic Attack
Click Fraud
Client-Side Attacks
Cloud-native Security
Coupon Scraping
Credential Abuse
Credential Stuffing
Cross-Site Scripting (XSS)
Cryptomining Malware
DAST
Data Breach
Data Exfiltration/Leakage
DDoS
Defense-in-Depth (DiD)
Device Fingerprinting
DevSecOps
Excessive Data Exposure
Gift Card Fraud
GraphQL
IAST
Improper Assets Management
Injection
Insecure Deserialization
Insecure Direct Object Reference (IDOR)
Insufficient Logging & Monitoring
Inventory Hoarding
Keystroke Loggers
Lack of Resources & Rate Limiting
Leaking API
Local File Inclusion (LFI)
Magecart
Mass Assignment
Next Generation WAF
Open Authorization (OAuth)
OWASP
OWASP Top 10
OWASP API Top 10
Penetration Testing
Personally Identifiable Information (PII)
Policy Decision Point (PDP)
Policy Enforcement Point (PEP)
Positive Security Model
Purple Team
RASP / Runtime Application Self Protection
Red Team
Remote Code Execution (RCE)
SAST
Secure SDLC
Security Misconfiguration
Sensitive Data Exposure
Shadow APIs
Software Composition Analysis (SCA)
Swagger
Taint Analysis
Threat Actor
Threat Landscape
Threat Modeling
WAAP / Web Application & API Protection
WAF / Web Application Firewall
Web Application Security
Web Scraping
WebSockets
Zero-day Attack