About Us

About This Blog

API Security Guide

48+ in-depth guides on API security, web vulnerabilities, ethical hacking, and hands-on cybersecurity research — written by an MCA student and practical security researcher from India.

👨‍💻

Amardeep Maroli

Cybersecurity Researcher · MCA Student · 6+ Months Hands-On Experience · Kerala, India

Who I Am

My name is Amardeep Maroli. I'm an MCA student based in Kerala, India, with 6+ months of hands-on cybersecurity research and practical experience. I've published 48+ in-depth technical guides on API security, web vulnerabilities, ethical hacking, and penetration testing — based on real lab work, not theory.

I'm not a corporate security firm or a content agency. I'm a researcher actively working through labs on TryHackMe, PortSwigger Web Security Academy, and HackTheBox — testing real vulnerabilities, writing security tools in Python, and documenting everything I learn. Everything on this blog comes from hands-on practice and actual security research, not copied content.

This blog exists because when I was learning cybersecurity, most resources were either too surface-level or so jargon-heavy that they assumed prior expertise. I built API Security Guide to fill that gap — practical guides written for learners by someone actively learning.

  • 48+ Technical Guides Published
  • 6+ Months Hands-On Research
  • 100% Original Research & Content

My Experience & Credentials

Education: MCA in Computer Science (ongoing), Kerala, India

Hands-On Experience:

  • 6+ months of active cybersecurity research and practical testing
  • Completed structured labs on TryHackMe (ethical hacking, web security, networking)
  • Completed courses and labs on PortSwigger Web Security Academy (SQL injection, XSS, authentication, API vulnerabilities)
  • Active learner on HackTheBox (penetration testing, real-world scenarios)
  • Bug bounty researcher on platforms [specify if applicable: HackerOne, Bugcrowd, Intigriti, etc.]
  • Real-world security testing (network analysis, WiFi security research, vulnerability discovery)
  • Open-source security projects on GitHub (automation scripts, security tools)

Areas of Focus: API security, web application vulnerabilities, network security, ethical hacking methodology, penetration testing, Python security automation.

Why I Started This Blog

When I first got interested in cybersecurity, I was overwhelmed. The field is enormous — network security, web application security, cloud security, penetration testing, bug bounty, malware analysis — and finding a clear path through it as a learner in India felt nearly impossible.

Most YouTube videos stopped at the surface. Most blog posts were recycled from other sources. Paid courses cost more than I could justify. I spent months piecing together knowledge from scattered sources before things started to click.

I started API Security Guide so the next person learning wouldn't have to go through the same frustrating process. Every post here is written with one goal: to genuinely explain a concept based on hands-on research, not just fill a page with keywords.

"I only publish what I've tested myself and genuinely understand through practice." That's the standard I hold every post on this blog to before publishing.

What This Blog Covers

API Security Guide focuses on practical, hands-on cybersecurity with three main areas:

🔐

API & Web Security

API vulnerabilities, authentication flaws, injection attacks, CORS misconfigurations — real examples from labs and security research.

🎯

Ethical Hacking & Pentesting

Hands-on methodology, tools like Burp Suite and Nmap, lab walkthroughs you can follow on TryHackMe and HackTheBox.

🐍

Security Automation

Python scripts for reconnaissance, automation, and custom security tools — understanding attack tools to defend against them.

🧭

Career & Learning

Realistic learning roadmaps, lab recommendations, career guidance, and honest advice on breaking into cybersecurity from India.

Who This Blog Is For

This blog is written for:

  • Complete beginners who want to understand cybersecurity fundamentals and how to get started with practical labs
  • Computer science or IT students in India curious about the security track and wanting to know what real skills matter
  • Developers and programmers who want to understand how applications get exploited so they can write secure code
  • Aspiring bug bounty hunters who want to master fundamentals before targeting real applications
  • Self-taught learners without access to formal training who are motivated to learn independently

You don't need a computer science degree to follow along. You don't need expensive tools or high-end hardware. You need curiosity, patience, and willingness to practice with free labs. This blog provides the rest.

Tools & Platforms I Use

Everything I write about is based on actual practice with real tools and platforms:

  • Burp Suite Community Edition — intercepting traffic, testing web applications, discovering injection points
  • OWASP ZAP — automated scanning and understanding vulnerability detection
  • TryHackMe — structured labs and CTF-style challenges
  • PortSwigger Web Security Academy — deep-dive labs on API and web vulnerabilities
  • HackTheBox — real-world penetration testing scenarios
  • Postman and curl — API testing and REST security
  • Kali Linux and Parrot OS — practice environments
  • Python — custom security scripts and automation
  • GitHub — publishing tools, documenting research

Connect With Me

You can find my projects and follow along on these platforms:

On GitHub you'll find my open-source security tools, Python automation scripts, and lab walkthroughs. On Telegram I share quick security tips, resource recommendations, and new post updates.

⚠️ Important — Educational Use Only

All security testing techniques, vulnerability examples, and hacking methods on this blog are discussed strictly for educational and ethical purposes. Always obtain written permission before testing any system you don't own. Unauthorized access to computer systems is illegal under the Indian IT Act and international laws. This blog does not encourage or endorse any illegal activity.

About This Content

Every post on API Security Guide is written personally by me based on hands-on research. I do not outsource writing, do not publish AI-generated content without substantial original addition, and do not copy from other sources. Each guide is tested in real labs before publishing.

If you spot an error or have a correction, please reach me through the contact page. I'll correct it and credit you if you'd like. Cybersecurity evolves fast, and older posts get updated when information changes.

Frequently Asked Questions

Is this blog suitable for complete beginners?
Yes. Most posts assume no prior cybersecurity knowledge and explain the "why" before the "how." If a post requires prior knowledge, it will say so and link to prerequisite guides.

Do you accept guest posts?
Occasionally, for high-quality, original, technically accurate content based on hands-on research. Reach out through the contact page. I don't accept promotional content or posts not based on practical knowledge.

Can I use your content for learning or teaching?
You're welcome to reference and link to any post. For substantial content reuse, please contact me first.

How often do you publish?
I publish new guides regularly. Quality takes priority — I won't publish anything that isn't genuinely useful and based on hands-on testing.
