The API Assessment Primer
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the fundamentals of API security assessment in this 39-minute conference talk from AppSecEU 2015 in Amsterdam. Delve into why API security is crucial and often overlooked, learn key considerations for API testing, and discover common vulnerabilities. Gain insights on developer tips, information leakage prevention, and mobile app security. Examine topics such as hidden functionality, access control, transport security, and injection concerns. Understand the importance of fuzzing, parameter validation, and API key management. Conclude with takeaways on implementing least privilege and valuable resources for further learning in API security.
Syllabus
Introduction
Agenda
Greg Patton Introduction
Why is API security important
Security is often overlooked
Key things to consider
Things to collect
Two key things
HTTP
Common Things
Testing Steps
Developer Tips
Information Leakage
RSA Mobile
Review API Responses
Mobile App Example
Things to Consider
Hidden Functionality
Other Verbs
Protection
Access Control
Transport Security
Injection Concerns
Fuzzing
Validate Parameters
Manage API Keys
Mobile Application Assessment
Key Management
Takeaways
Least Privilege
Resources
Contact Greg
References
Questions
Taught by
OWASP Foundation
Related Courses
Network SecurityGeorgia Institute of Technology via Udacity Proactive Computer Security
University of Colorado System via Coursera Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera Hacker101
HackerOne via Independent CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent