8 interactive modules · 40 min · knowledge checks + final assessment
Preview the course →Free interactive preview — no purchase requiredAbout this product
Built for backend developers, AppSec teams, and cloud engineers. Each OWASP API Top 10 risk is shown as a real HTTP request, the exploit, and the fixed handler — with knowledge checks throughout and a 12-question final assessment. Includes the downloadable API Security Checklist job aid and tokenized customization for your security team's contact info and reporting path.
What's included
- 8 modules (~40 min total) as HTML5
- Vulnerable-vs-fixed code examples in JavaScript and HTTP
- Knowledge checks throughout, 12-question final assessment
- Downloadable API Security Checklist job aid (HTML)
- Customizable security team contact, reporting path, and policy links
- SCORM export — coming soon
Who it's for
- Backend & API developers
- Application security teams
- Cloud engineers responsible for API gateways
- Engineering managers running secure-coding programs
Available formats
Responsive, self-contained course — works on any device. Includes knowledge checks and a scored final assessment.
SCORM 1.2 & 2004 package for your LMS (Workday, Cornerstone, Docebo, Litmos, and more) — tracks completion and assessment scores.
Licensing
Single-organization license. Unlimited engineers within one company. Edit copy and add your brand.
Related products
Secure Developer Training: AI Coding Risks
A 45-minute course for engineers using AI coding assistants — without shipping vulnerabilities.
Secure AI Use Starter Kit
Everything you need to launch a Secure AI Use program in 30 days — policy, rollout playbook, comms, and a CEO-ready exec summary. No writing from scratch.