00 — Overview

APIs & Modern Web Apps

Most vulnerabilities today live in APIs, not web pages. Learn how REST APIs and GraphQL work, how they're authenticated, and what to look for when testing them.

Beginner·35 min·5 tasks

// By the end of this module

→Understand REST API design and how to interact with JSON endpoints

→Read API documentation and map all exposed routes

→Identify the difference between REST and GraphQL attack surfaces

→Use curl and browser DevTools to probe API responses manually

// Prerequisites

Foundation · Beginner

How the Web Works

45 min

→