This repository contains comprehensive lab reports and weekly study summaries from the CyberSafe API Security Training Program. The documentation captures technical testing, vulnerability analysis, and security assessments across multiple API security domains.
This repository is organized into twelve weeks of progressive API security learning:
- Week 1 - Introduction to API testing fundamentals
- Week 2 - JSON Web Token (JWT) authentication and analysis
- Week 3 - OWASP Top 10 API Security (Parts 1-3)
- Week 4 - OWASP Top 10 API Security and Beyond (Parts 4-10)
- Week 5 - Comprehensive review and feedback integration
- Weeks 6-12 - Advanced topics and specialized security assessments (Continuous updates)
- Lab Report on VampAPI - Vulnerability assessment of VampAPI application
- Lab Report on JSON Web Token Analysis - JWT security testing and attack vectors
- Summary Report on API Authentication - Authentication mechanisms and best practices
- Lab Report on VulnBank Part 1 - Banking API security vulnerabilities
- Summary Report on Top 10 API Security (1-3) - Analysis of vulnerabilities 1-3
- Lab Report on VulnBank Part 2 - Advanced vulnerability testing
- Summary Report on Top 10 API Security (4-10) - Analysis of vulnerabilities 4-10 and beyond
- Consolidated Review Report - Integrated feedback and recommendations from CyberSafe reviewers
Reports for weeks 6 through 12 will be added as the training progresses. Each week will continue to build upon previous learning, covering advanced API security topics and specialized assessments.
This section will be continuously updated throughout the 12-week training program.
The following security testing tools were utilized throughout the training:
- Postman - API testing and request automation
- Burp Suite - Web application security testing
- JWT.io - JWT analysis and validation
- xJWT.io - Additional JWT debugging capabilities
- Visual Studio Code - Code review and documentation
- API authentication and authorization
- JSON Web Token vulnerabilities
- OWASP Top 10 API security risks
- Practical penetration testing techniques
- Security testing methodologies
Author: Falilat Owolabi (leogold)
Program: CyberSafe API Security Training
Last Updated: January 2026