This repository contains comprehensive lab reports and weekly study summaries from the CyberSafe API Security Training Program. The documentation captures technical testing, vulnerability analysis, and security assessments across multiple API security domains.
This repository is organized into twelve weeks of progressive API security learning:
-
Week 1 - Introduction to API testing fundamentals
-
Week 2 - JSON Web Token (JWT) authentication and analysis
-
Week 3 - OWASP Top 10 API Security (Parts 1-3)
-
Week 4 - OWASP Top 10 API Security and Beyond (Parts 4-10)
-
Week 5 - Comprehensive review and feedback integration
-
Week 6 - API Gateway Security
-
Week 7 - API Security & PCI DSS
-
Week 8 - Connected Systems Security
-
Week 9 - Intro to API Pen-Testing
-
Weeks 10-12 - Advanced topics and specialized security assessments (Continuous updates)
- Lab Report on VampAPI - Vulnerability assessment of VampAPI application
- Lab Report on JSON Web Token Analysis - JWT security testing and attack vectors
- Summary Report on API Authentication - Authentication mechanisms and best practices
- Lab Report on VulnBank Part 1 - Banking API security vulnerabilities
- Summary Report on Top 10 API Security (1-3) - Analysis of vulnerabilities 1-3
- Lab Report on VulnBank Part 2 - Advanced vulnerability testing
- Summary Report on Top 10 API Security (4-10) - Analysis of vulnerabilities 4-10 and beyond
- Consolidated Review Report - Integrated feedback and recommendations from CyberSafe reviewers
- Week 6 Report: Api gateway implementation using AWS - Practical exercises on OAuth, JWT hardening, session management, and rate limiting.
- Week 7 Report: Secure Coding for APIs PCI-DSS standard - Input validation, output encoding, parameter tampering, and secure error handling.
- No report uploaded, No lab assignment was given
- Week 9 Report: API Penetration Testing (Zerohealth lab) - Hands-on penetration testing using Postman, Burp Suite, and reporting templates.
The following security testing tools were utilized throughout the training:
- Postman - API testing and request automation
- Burp Suite - Web application security testing
- JWT.io - JWT token analysis and validation
- xJWT.io - Additional JWT debugging capabilities
- Visual Studio Code - Code review and documentation
- API authentication and authorization
- JSON Web Token vulnerabilities
- OWASP Top 10 API security risks
- Practical penetration testing techniques
- Security testing methodologies
- Api gateway implementation and security
- Api penetration testing
Author: Falilat Owolabi (leogold)
Program: CyberSafe API Security Training
Last Updated: february 2026