Certified API Security Professional (CASP)

APIs now account for 80% of total Internet traffic, from the cloud to your fridge. While APIs bring new ways of developing and distributing applications, they also introduce new ways for malicious actors to attack enterprise systems.

Training Schedule

Please contact us for more details.


Self-paced Learning Mode
Browser-based Lab Access
24/7 Instructor Support via Mattermost

Course Objective

The following are the course’s objectives.

    1. Identify, exploit, and protect against a wide variety of API security vulnerabilities.
    2. Gain a practical understanding of API Security and the tools for automation.
    3. Understand and implement the modern ways of scaling API Security Testing.
    4. Gain abilities to audit APIs for security measures and provide solutions.
    5. Understand, assess, and secure APIs written in different architecture styles.
    6. Learn new ways to secure APIs through automation and DevSecOps practices.

Course Agenda

Module 1: Introduction to API Security

  1. Introduction to Application Programming Interface
  2. Understanding API Architecture
  3. Strategies To Secure APIs
  4. API Defenses
  5. Hands-on Exercises

Module 2: API Security Tools of the Trade

  1. The Moving Parts in an API
  2. Critical Toolchain for API Development
  3. Containerization
  4. Ability To Talk to an API
  5. Hands-on Exercises

Module 3: Authentication Attacks and Defenses

  1. Overview of API Authentication
  2. Types of Authentication
  3. Authentication Attacks
  4. Authentication Defenses
  5. Hands-on Exercises

Module 4: Authorization Attacks and Defenses

  1. Overview of API Authorization
  2. Types of Authorization
  3. Authorization Attacks
  4. Authorization Defenses
  5. Authorizing with OAuth Framework

Module 5: Input Validation Threats and Defenses

  1. Introduction to Input Validation
  2. Injection Vulnerabilities
  3. Fuzzing
  4. Injection Defenses

Module 6: Other API Security Threats

  1. Introduction to OWASP API Top 10
  2. Attacking Caching Layers (Memcache, Proxies, etc.)
  3. Attacking GraphQL APIs
  4. Attacking SOAP APIs
  5. Abusing Microservices and REST APIs
  6. Post Exploitation in the API World

Module 7: Other API Security Defenses

  1. GraphQL API Security Best Practices
  2. SOAP API Security Best Practices
  3. REST API Security Best Practices
  4. Data Security
  5. Securing Data at Rest Using Encryption
  6. Securing Data in Transit Using TLS
  7. Rate Limiting Best Practices
  8. Security Headers

Module 8: Implementing API Security Mechanisms

  1. API Security Design Best Practices
  2. Authentication Implementation
  3. Authorization Implementation
  4. Rate-Limiting Implementation and Best Practices at Different Stages
  5. Securely Store Secrets Using Hashicorp Vault
  6. Data Security Implementation
  7. Using Transport Layer Security (TLS)
  8. Implementing Sufficient Logging & Monitoring

Module 9: API Security, the DevSecOps Way

  1. OWASP ASVS Framework
  2. Automated Vulnerability Discovery
  3. Finding Insecure Dependencies Using Software Component Analysis
  4. Finding Vulnerabilities in Code Using Static Application Security Testing
  5. Automating API Attacks Using Dynamic Application Security Testing
  6. Addressing API Security Issues at Scale

Exam & Certification

  1. After completing the course, you can schedule the CASP exam on your preferred date.
  2. The process of achieving Practical DevSecOps CASP Certification can be found on the exam and certification page.


Are there any prerequisites for this course?

  1. Course participants should have a basic understanding of Linux Commands and OWASP Top 10.
  2. Basic knowledge of application development is preferred but is not necessary.

How do I take the exam?

TaUB Solutions will request the examinations together with your registration. The exam should be taken at the end of the course. Results are available within 5 working days.

The session was delivered effectively. It was very interactive with on-the-job examples. I learned a lot and plan to implement them. Thanks Suresh GP for such a wonderful session.

Sheethal Sudheer BRMP, BRM, Business Owner DevSecOps tools, Digital Transformation, Process Management

It was a very interactive session with a lot of real-life examples. Very good and informative session by Suresh GP.

Vijaykumar TC, Vice President - Citi Technology Infrastructure

The CBRM training offered through TaUB Solutions is an excellent course. I first heard Suresh speak a few years back at the BRMConnect conference, and taking this course solidified my opinion and respect of Suresh’s vast knowledge of the BRM discipline.

Michelle Day, CBRM®, Director, Business Relationship Management

The training was absolutely fantastic, extremely valuable. It changes the way we look at SRE. Suresh was the best instructor you could ask for; more importantly, he was helping with real-world problems based on his experiences.

Praveen Patil, Senior Engineering Manager at Lowe's Companies, Inc.