Introduction to the OWASP API Security Top 10

Students will learn about broken object level authorization, broken authentication, excessive data exposure, lack of resources and rate limiting, broken function level authorization, mass assignment, security misconfigurations, injection attacks, improper asset management, and insufficient logging and monitoring.

Target Audience

This course is targeted towards software engineers, but anyone can take the course.

Prerequisites

It is recommended that students have some software development experience and/or experience in at least one programming language, but coding skills are not required to complete this course.

Course Goals

By the end of this course, students should be able to:

• Understand the OWASP API Security Top 10
• Understand how to mitigate the OWASP Top 10
• Understand why API security is important

• Introduction
• Introduction
• OWASP API Security Top 10
• Security Fundamentals
• Who is OWASP?
• A1: Broken Object Level Authorization
• A2: Broken Authentication
• A3: Excessive Data Exposure
• A4: Lack of Resource and Rate Limiting
• A5: Broken Function Level Authorization
• A6: Mass Assignment
• A7: Security Misconfiguration
• Security Misconfiguration Lab Part 1
• Security Misconfiguration Lab Part 2
• Introduction To OWASP Top Ten: A6 - Security Misconfiguration - Scored
• A8: Injection
• Improper Assets Management
• A10: Insufficient Logging and Monitoring
• Insufficient Logging and Monitoring Lab
• Introduction To OWASP Top Ten: A10 - Insufficient Logging and Monitoring - Scored
• Conclusion
• Conclusion