APIs Secure Coding: Hands-on approach
Following a hands-on approach, attendees will be guided through exploiting the ten most common API security risks according to the OWASP API Security Top 10. Each security issue will be discussed in depth, including its mitigation. Protocol-specific security issues will also be addressed, covering the most common API protocols. Training sessions are delivered by a security practitioner and OWASP project leader.
API developers, DevSecOps, Pentesters, and systems integrators
- Introduction to the Open Web Application Security Project (OWASP), the OWASP API Security Project, and the OWASP API Top 10
- The HTTP protocol and how APIs work on top of it
For each of the ten most common API security risks (according to the OWASP API Top 10):
- Exploit the vulnerability
- Discuss the security issue, impact, and how to mitigate the risk
- GraphQL-specific security risks
What You’ll Learn
- Relevant OWASP projects and how to use them to write secure code
- HTTP protocol fundamentals and how APIs work on top of it
- In-depth knowledge of the ten most common API security risks
- API protocol-specific risks (e.g. GraphQL)
- How threat agents exploit API vulnerabilities: tools and techniques
- How to avoid the most common API security issues
What are you waiting for? Get in touch to schedule your training session.
In-person / Online
Individual/Up to 10 persons
Paulo holds a bachelor's degree in Computer Sciences and has 15+ years of experience developing software. For the last 8+ years, he has focused on security research, ethical hacking, and penetration testing. He is a long-term OWASP volunteer and project leader, and one of those responsible for the OWASP API Security Top 10. He has authored or co-authored several secure coding practices manuals, such as the OWASP Go Secure Coding Practices and the Kotlin Secure Coding Practices guide.