APIsec University

This has been a question I've received numerous times after posting a blog about the ASCP certification from APIsec University/APIsec. The biggest question I get is, "How do I prepare for this certification? Any help?" Well, let's learn something together! Today, at 5:30 PM EST on the MRE Security YouTube Channel, I will be showcasing the ASCP, what to expect, and how to prepare for this difficult exam. Our example application will be VulnBank by Al-Amir Badmus. This is an intentionally vulnerable application that has a TON of API vulnerabilities to play with. The APISEC Certified Professional is one of the most challenging API certifications on the market. Created by Corey J. Ball, it makes you think outside the box and helps you understand how to read documentation. This is BY FAR one of the most interesting and realistic exams I've ever taken. Come hang out with me tonight at 5:30 PM EST and learn how to pass! Livestream Link is in the description. Have you taken the ASCP exam? Let me know your thoughts in the comments section. #cyber #apisec #pentesting #methodology

I wrote the CASA exam yesterday. After finishing the CyberSafe Foundation API program, I just wanted to see if what I learned actually stayed with me. So I took the exam. And I passed. I’m glad I did it. Not even just because I passed, but because of what it showed me. It’s one thing to go through a course. It’s another thing to sit down, think through questions, and realize you actually understand what’s going on. That part matters to me. Because that’s the real work. Still learning. Still exploring. Still trying to get better at API security one step at a time. (And yes… you can say congratulations 😊) 𝗧𝗛𝗜𝗦 𝗜𝗦𝗡’𝗧 𝗝𝗨𝗦𝗧 𝗖𝗢𝗡𝗧𝗘𝗡𝗧 𝗜𝗧’𝗦 𝗛𝗢𝗪 𝗜 𝗟𝗘𝗔𝗩𝗘 𝗣𝗥𝗢𝗢𝗙 𝗢𝗙 𝗧𝗥𝗨𝗦𝗧 𝗕𝗘𝗛𝗜𝗡𝗗 — 𝗚𝗟𝗢𝗥𝗬 𝗢𝗗𝗘𝗟𝗜

Most people learn bug bounty from theory. Very few get to see how real targets are approached — from recon to exploitation. This Wednesday, we’re hosting a live session with Rere Ayodele on: “Discovery & Exploitation of Vulnerabilities in Real Bounty Programs” You’ll see: - How attackers approach real targets (asset discovery → attack surface) - Where vulnerabilities like BOLA/IDOR, BFLA, exposed keys, and subdomain takeovers actually show up - A live walkthrough of an active finding from discovery to proof of concept This isn’t a slide-based session — it’s a real attacker workflow. If you’re getting into bug bounty or API security, this session is for you! 📅 Join us: April 22, 2026 at 12 PM ET 🔗 Event link: https//https://lnkd.in/gsbeHbbw Have you ever attended any of the Bugbounty Wednesday sessions before? Let us know your experience in the comments! #BugBounty #APISecurity #CyberSecurity #EthicalHacking #OWASP

Yesterday, I had a conversation with Jess Freeman and Affan Ali from APIsec University/APIsec, and it reminded me of something. Our conversation consisted of posting on LinkedIn and breaking into the field. As many of you know, I’ve grown my LinkedIn by posting different concepts I’ve learned during my time as a penetration tester. But what makes a post good? How does it go “viral”? That’s when I thought, why don’t I share my methodology for branding and how you can begin growing your own personal brand. You see, the idea behind MRE Security is to give back as much as possible to the community. Not just through penetration testing, but also professional concepts that can eventually land you a job! So tonight, at 6:30 PM EST, I will be live streaming my journey into the field of cybersecurity, and how to grow a PERSONAL brand from the ground up. This isn’t just talking and you listening, this will be an INTERACTIVE session, where we dive into my methodology and thought process when building a brand. My story is unique and I’m excited to share it with you all tonight!! If you’re interested, make sure to join! Hope to see you all there! Livestream link is in the comments section. Have you started building your personal brand? If so, what have you done so far? Let me know in the comments! #cybersecurity #pentesting #personal #branding

APIs power nearly every web and mobile application today, and they now account for more than 80% of internet traffic. They have also become one of the most attractive targets for attackers. We are excited to share our upcoming session on API Security tomorrow, where we have guest speaker Dan Barahona discuss why attackers love APIs, walk through real-world breaches and how they map to the OWASP API Security Top 10, and cover practical best practices organizations can use to reduce risk and prevent breaches. If your team builds, manages, or secures APIs, this will be a valuable conversation. #APISecurity #Cybersecurity #InfoSec #ApplicationSecurity #OWASP #CloudSecurity #SecurityAwareness #ISC2 #Houstonevents #Houstonnetworking

Houston-based folks - I’m doing an API security workshop for the Houston ISC2 Chapter tomorrow. It’s virtual, so please join if you can. Nick Pawelczyk is building a great chapter and I recommend getting involved if you’re in the area.

I am pleased to share MRE Security is sponsoring the CTF@CIT competition happening April 17-19. We have created a few challenges for all of you and I’m excited to see how people solve them!! Come sign up and join!!