Category

June 12, 2025

EC-Council’s CEH Compete Challenge Confronts the Growing Threat of API Vulnerabilities 

API exploitation and data exposure risks drove the focus of CEH Compete’s May challenge. Tampa, Fla, June 12, 2025: EC-Council, a global leader in cybersecurity education and training, and creator of the world-renowned Certified Ethical Hacker (CEH) credential, launched its May CEH Compete CEH Compete Challenge by addressing one of today’s most urgent and overlooked cyber threats: the insecurity of APIs. As APIs increasingly become the backbone of digital platforms, the vulnerabilities have created critical entry points for adversaries, demanding a new level of vigilance and defense from cybersecurity professionals. In May’s challenge, participants encountered a simulated environment where critical APIs responsible for authentication, financial transactions, and customer data retrieval had been left vulnerable. Attackers exploited broken authentication mechanisms, manipulated poorly enforced rate limits, and injected malicious payloads into open API endpoints, attempting to escalate privileges and exfiltrate sensitive information. Participants needed to conduct thorough API reconnaissance, uncover broken object-level authorizations, and defend against API-based injection and mass data exposure attacks. The challenge was crafted at an advanced exploitation difficulty level, replicating the multi-step API attack sequences used by sophisticated adversaries today. Participants had to analyze poorly documented APIs, identify over-permissive data exposure, and secure access control flaws; all while operating under time-constrained attack escalation conditions. Success demanded a nuanced understanding of API security misconfigurations combined with agile incident response capabilities tailored to dynamic application ecosystems. According to the CEH Threat Report 2024, 62% of cybersecurity professionals identified APIs as the biggest source of vulnerabilities within their organizations. The May edition of CEH Compete challenge made it clear that APIs, while powerful enablers of business innovation, have become critical entry points for attackers when improperly secured. Heitor Magnani, Brazil distinguished themselves by systematically mapping vulnerable APIs, neutralizing injection attempts, and deploying secure validation mechanisms to fortify exposed endpoints. API vulnerabilities not only open direct paths to sensitive information but also expose entire interconnected systems to lateral attacks. As enterprises expand their reliance on cloud-native applications and microservices, securing APIs becomes a vital layer of defense against data theft, ransomware propagation, and service disruption. Through CEH Compete, EC-Council continues to offer cybersecurity professionals an unparalleled platform to practice, sharpen, and validate the skills needed to protect digital ecosystems worldwide. For more information about CEH Compete or to register for future challenges, please visit https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh-compete/

Read article
Strengthen-Women’s-Participation-in-Cybersecurity
EC-Council Continues Its Initiative-Driven Momentum, Supporting CyberSHE to Strengthen Women’s Participation in Cybersecurity

Kuwait, 12 June 2025: The cybersecurity industry continues to evolve rapidly, demanding a skilled and diverse talent pipeline to address growing threats. In a strategic effort to expand access to world-class cybersecurity education across the Middle East, EC-Council, the global leader in cybersecurity training and the creator of the world-renowned Certified Ethical Hacker (CEH) credential, has partnered with CyberSHE to deliver impactful technical training and career development opportunities for aspiring women professionals across the region. CyberSHE, an initiative by Women in CyberSecurity Middle East (WiCSME), was launched at Kuwait College of Science and Technology (KCST). The initiative brings together leaders from government, academia, and industry to deliver focused training, mentorship, and structured career pathways for women seeking to build technical capability and pursue careers in cybersecurity. By equipping more women with cutting-edge skills, the program is helping to unlock new perspectives and build stronger, more inclusive cyber teams across the region. “Cybersecurity is one of the fastest-growing fields in the world, and the Middle East holds extraordinary untapped potential. At EC-Council, we see education as a catalyst for transformation. Through CyberSHE, we are opening the door to global-standard training, mentorship, and new career pathways for women across the region. This initiative represents the kind of purposeful collaboration that creates lasting opportunity. We are honored to support it, and we believe it is just the beginning of a much larger movement to shape the future of cyber talent in the region.” said Jay Bavisi, Group President, EC-Council CyberSHE is a four-week program built around EC-Council’s internationally respected certifications. Participants undertake technical training through the Certified Cybersecurity Technician (CCT), Certified Network Defender (CND), and Certified SOC Analyst (CSA) programs. The hands-on, lab-driven curriculum is delivered over three weeks and is followed by a structured set of career-readiness modules that include mentorship, soft skills development, and industry insights. Dr. Reem Faraj AlShammari, Chairperson of WiCSME, added: “CyberSHE is more than just a program, it represents the power of collective efforts in action. Through CyberSHE, we are uniting key pillars of our society to create a generation of empowered, job-ready women professionals in cybersecurity. By building skilled workforce, the program is directly boosting the National Cyber readiness (Strategic Workforce Development), and is strategically positioned to improve the entire region’s Global Cybersecurity Index rankings.” Following its launch in Kuwait, CyberSHE will expand to the United Arab Emirates, Saudi Arabia, Oman, Bahrain, Jordan, and Qatar. Over the next three years, the program aims to train 1,500 women, helping to strengthen national cyber capabilities and promote more inclusive workforce participation. This partnership reflects EC-Council’s global mission to make cybersecurity education accessible, relevant, and transformative. By supporting initiatives like CyberSHE, EC-Council continues to shape pathways that empower women, elevate careers, and contribute to a safer digital future. About EC-Council:  EC-Council is the creator of the world-renowned Certified Ethical Hacker (CEH) program and a leader in cybersecurity education. Founded in 2001, EC-Council’s mission is to provide high-quality training and certifications for cybersecurity professionals to keep organizations safe from cyber threats. EC-Council offers over 200 certifications and degrees in various cybersecurity domains, including forensics, security analysis, threat intelligence, and information security.     An ISO/IEC 17024 accredited organization, EC-Council has certified over 350,000 professionals worldwide, with clients ranging from government agencies to Fortune 100 companies. EC-Council is the gold standard in cybersecurity certification, trusted by the U.S. Department of Defense, the Army, Navy, Air Force, and leading global corporations.     For more information, visit: www.eccouncil.org 

Read article