API exploitation and data exposure risks drove the focus of CEH Compete’s May challenge.
Tampa, Fla, June 12, 2025: EC-Council, a global leader in cybersecurity education and training, and creator of the world-renowned Certified Ethical Hacker (CEH) credential, launched its May CEH Compete CEH Compete Challenge by addressing one of today’s most urgent and overlooked cyber threats: the insecurity of APIs. As APIs increasingly become the backbone of digital platforms, the vulnerabilities have created critical entry points for adversaries, demanding a new level of vigilance and defense from cybersecurity professionals.
In May’s challenge, participants encountered a simulated environment where critical APIs responsible for authentication, financial transactions, and customer data retrieval had been left vulnerable. Attackers exploited broken authentication mechanisms, manipulated poorly enforced rate limits, and injected malicious payloads into open API endpoints, attempting to escalate privileges and exfiltrate sensitive information. Participants needed to conduct thorough API reconnaissance, uncover broken object-level authorizations, and defend against API-based injection and mass data exposure attacks.
The challenge was crafted at an advanced exploitation difficulty level, replicating the multi-step API attack sequences used by sophisticated adversaries today. Participants had to analyze poorly documented APIs, identify over-permissive data exposure, and secure access control flaws; all while operating under time-constrained attack escalation conditions. Success demanded a nuanced understanding of API security misconfigurations combined with agile incident response capabilities tailored to dynamic application ecosystems.
According to the CEH Threat Report 2024, 62% of cybersecurity professionals identified APIs as the biggest source of vulnerabilities within their organizations. The May edition of CEH Compete challenge made it clear that APIs, while powerful enablers of business innovation, have become critical entry points for attackers when improperly secured.
Heitor Magnani, Brazil distinguished themselves by systematically mapping vulnerable APIs, neutralizing injection attempts, and deploying secure validation mechanisms to fortify exposed endpoints.
API vulnerabilities not only open direct paths to sensitive information but also expose entire interconnected systems to lateral attacks. As enterprises expand their reliance on cloud-native applications and microservices, securing APIs becomes a vital layer of defense against data theft, ransomware propagation, and service disruption.
Through CEH Compete, EC-Council continues to offer cybersecurity professionals an unparalleled platform to practice, sharpen, and validate the skills needed to protect digital ecosystems worldwide.
For more information about CEH Compete or to register for future challenges, please visit https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh-compete/
