Lab Setup Quiz API Security Fundamentals

Question 1

What is the primary operating system that will be used throughout the API Penetration Testing course?

Parrot OS

Kali Linux

Correct answer.

Windows 10

MacOS Sierra

Question 2

What are the primary tools used for the API Penetration Testing course?

MassScan, NetCat, SMBClient, Postman, and RPCclient

Kiterunner, Git, Maltego, Nikto, Dirbuster, and Burp Suite

Amass, Legion, Sublist3r, Metasploit, and Swagger

Postman, Amass, Burp Suite, WFuzz, Kiterunner, and JWT_Tool.

Correct answer.

Question 3

Which two deliberately vulnerable applications are used throughout the API Penetration Testing course?

crAPI + vAPI

Correct answer.

DVGA + DVGQL

vAmPI + crAPI

crAPI + Pixi

Question 4

What three other educational platforms can be used to find other API hacking labs? (Check all that apply)

TryHackMe

Correct answer.

GitHub

Correct answer.

HackTheBox

Correct answer.

The Wayback Machine

Question 5

When starting a new operating system it is always a good idea to:

A. Create a hapihacker user account

B. Update the system

C. Change the default credentials

B & C

Correct answer.

A, B & C

Question 6

When using a command line tool like JWT_tool what commands/options can be used to learn how to use it? (Check all that apply)

$jwt_tool -a

$jwt_tool -h

$jwt_tool --help

$jwt_tool

$man jwt_tool

Correct answer.

Introduction Quiz API Security Fundamentals

Question 1

Who is the API Penetration Testing course for? (Check all that apply)

Anyone interested in learning how to test APIs for security weaknesses

Correct answer.

Bug bounty hunters and penetration testers

Correct answer.

Anyone with basic knowledge of how web applications and APIs work

Correct answer.

Developers interested in learning more about how applications are attacked

Correct answer.

Question 2

How long should this course take?

This is a self-paced course

Correct answer.

3 months

6 months

1 year

Question 3

The API Penetration Testing course will primarily focus on testing which type of API?

Simple Object Access Protocol

GraphQL Application Programming Interfaces

Remote Procedural Call (gRPC) Application Programming Interfaces

Representational State Transfer (REST) Application Programming Interfaces

Correct answer.

Question 4

What API vulnerabilities will this course teach you to exploit? (Check all that apply)

Excessive Data Exposure, Broken Object Level Authorization, and Broken Function Level Authorization

Correct answer.

Mass Assignment, Injection, and Server-Side Request Forgery

Correct answer.

Broken Authentication

Correct answer.

Improper Assets Management

Correct answer.