APISec CASA Certified
I recently received APISec’s CASA (Certified API Security Analyst) certification and in this post I explain my feelings and experience. In this post I’ll share some details about the exam, my preparation and some advices for you.
APISec CASA in brief
APISec University is an organization that provides free courses and training specialized on API security. In my honest opinion nowadays is the best option for enhancing your knowledge on API hacking. It helped more than 80k students and at the time of writing offers 9 courses:
- API Penetration Testing
- API Security Fundamentals
- OWASP API Top 10 and beyond
- API Documentation best practices
- API Security for PCI Compliance
- API Security for Connected cars and fleets
- Securing API Servers
- API Gateway Security Best Practices
- API Authentication
- Securing LLM & NLP APIs (Coming Soon)
In order to prepare for CASA (Certified API Security Analyst) certification I recommend two courses: API Security Fundamentals and OWASP API Top 10 and beyond. These two courses are enough to pass the CASA exam.
APISec CASA exam
The CASA exam is designed to test your expertise in API security threats, risks, and best practices. Students are expected to have completed the OWASP API Security and Beyond! course before attempting to earn the CASA certification.
- Exam format: 100 multiple choice questions / 2 hours
- Certification criteria: Students must answer 80%+ correct
- Study material: OWASP API Security Top 10 and Beyond! course
- Price: $125 (exam retakes are $75)
- Schedule the exam on your own time
APISec CASA tips and tricks
- Don’t understimate the exam, it looks easy but it isn’t
- Focus on the text of the question, certain times you can get some clue reading the question carefully
- Don’t try to rush, use all the time you have
- APISec courses are your friends
In the end I have to say that it’s a good exam, I would recommend it to anyone who wants to understand the fundamental concepts and the basics of API Security. It is very useful to have an in-depth idea of what the API Security is and why it is useful.
If you have any doubt or just want to ask me something, ping me at the email address below.