APIs Secure Coding
Following a hands-on approach, attendees will be guided into exploiting the ten most common API security risks according to the OWASP API Security Top 10. Each security issue will be discussed in depth, including its mitigation. API protocol-specific security issues will also be addressed, covering the most common API protocols. Training sessions are delivered by a security practitioner and OWASP project co-leader.
Target Audience
API developers, DevSecOps, Pentesters, and systems integrators
Training Program
Part 1
- Introduction to the Open Web Application Security Project (OWASP), the OWASP API Security Project, and the OWASP API Top 10
- The HTTP protocol and how APIs work on top of it
Part 2
For each of the ten most common API security risks (according to the OWASP API Top 10):
- Exploit the vulnerability
- Discuss the security issue, impact, and how to mitigate the risk

GraphQL-specific security risks
What You’ll Learn
- Relevant OWASP projects and how to use them to write secure code
- HTTP protocol fundamentals and how Web Applications work on top of it
- In-depth knowledge of the ten most common API security risks
- API protocol-specific risks (e.g. GraphQL)
- How threat agents exploit API vulnerabilities: tools and techniques
- How to avoid the most common API security issues
What are you waiting for? Get in touch to schedule your training session.
Local
Online
Next session
TBD
Duration
8 Hours
Group Size
Individual/Up to 10 persons
Value
475€ (plus VAT if applicable)
Instructor
Paulo Silva
With a bachelor's degree in Computer Sciences and 15+ years developing software, Paulo has spent the last 8+ years focused on security research, ethical hacking, and penetration testing. He is a long-term OWASP volunteer and project leader, and one of those responsible for the OWASP API Security Top 10. He has authored or co-authored several secure coding practices manuals, such as the OWASP Go Secure Coding Practices and the Kotlin Secure Coding Practices guide.