Essentials of API testing
RCCE students will learn API security testing methodologies, including REST API testing, authentication testing, authorization testing, input validation testing, business logic testing, and API fuzzing. They will learn to plan and execute API security assessments, test API authentication mechanisms for weaknesses, verify authorization controls at the object and function level, fuzz API endpoints to discover input validation vulnerabilities, test business logic flows for manipulation opportunities, use API testing tools including Burp Suite, Postman, and custom scripts, and write API security assessment reports with prioritized remediation guidance. This essentials course covers the core knowledge needed to operate competently in this domain: the fundamental concepts, terminology, risks, and defenses that underpin all further study and professional practice. Students build a solid knowledge base that prepares them for more advanced courses and real-world security responsibilities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Essentials of API testing
- Execute hands-on tasks for advanced cyber defense mastery
- Execute hands-on tasks for offensive security
- Execute hands-on tasks for 4 credit hours
- Execute hands-on tasks for plan & execute
- Execute hands-on tasks for core definition
- Execute hands-on tasks for application programming interface
- Execute hands-on tasks for common API types, covering REST (HTTP-based, stateless, JSON/XML)
- Execute hands-on tasks for security risk
- Execute hands-on tasks for broken object-level auth
- Execute hands-on tasks for unrestricted access to sensitive flows
- Execute hands-on tasks for broken authentication
- Execute hands-on tasks for server-side request forgery
| Module 01 | Advanced Cyber Defense Mastery |
| Module 02 | Offensive Security |
| Module 03 | 4 Credit Hours |
| Module 04 | Plan & Execute |
| Module 05 | Core Definition |
| Module 06 | Application Programming Interface |
| Module 07 | Common API Types |
| Module 08 | Security Risk |
| Module 09 | Broken Object-Level Auth |
| Module 10 | Unrestricted Access to Sensitive Flows |
| Module 11 | Broken Authentication |
| Module 12 | Server-Side Request Forgery |
| Module 13 | Authentication Testing Techniques |
| Module 14 | Token Analysis |
All hands-on labs run on Rocheston Rose X OS. Students practice Essentials of API testing by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for advanced cyber defense mastery
- Lab 2: Execute hands-on tasks for offensive security
- Lab 3: Execute hands-on tasks for 4 credit hours
- Lab 4: Execute hands-on tasks for plan & execute
- Lab 5: Execute hands-on tasks for core definition
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Essentials of API testing, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI