APIs Secure Coding

Following a hands-on approach, attendees are guided through exploiting the ten most common API security risks, as ranked by the OWASP API Security Top 10. Each security issue is discussed in depth, including its impact and mitigation. Protocol-specific API security issues are also addressed, covering the most common API protocols. Training sessions are delivered by a security practitioner and OWASP project co-leader.

Target Audience

API developers, DevSecOps, Pentesters, and systems integrators

Training Program

Part 1

  • Introduction to the Open Web Application Security Project (OWASP), the OWASP API Security Project, and the OWASP API Top 10
  • The HTTP protocol and how APIs work on top of it

Part 2

For each of the ten most common API security risks (according to the OWASP API Top 10):

  • Exploit the vulnerability
  • Discuss the security issue, its impact, and how to mitigate the risk

Plus:

  • GraphQL-specific security risks

What You’ll Learn

  • Relevant OWASP projects and how to use them to write secure code
  • HTTP protocol fundamentals and how web applications and APIs work on top of it
  • In-depth knowledge of the ten most common API security risks
  • API protocol-specific risks (e.g. GraphQL)
  • How threat agents exploit API vulnerabilities: tools and techniques
  • How to avoid the most common API security issues

What are you waiting for? Get in touch to schedule your training session.

Local

Online

Next session

TBD

Duration

8 Hours

Group Size

Individual/Up to 10 persons

Value

475€ (plus VAT if applicable)


Instructor

Paulo Silva

With a bachelor's degree in Computer Science and over 15 years of software development experience, Paulo has spent the last 8+ years focused on security research, ethical hacking, and penetration testing. He is a long-term OWASP volunteer and project leader, and one of the people responsible for the OWASP API Security Top 10. He has authored or co-authored several secure coding practices manuals, including the OWASP Go Secure Coding Practices guide and the Kotlin Secure Coding Practices guide.