YoVDO

The API Assessment Primer

Offered By: OWASP Foundation via YouTube

Tags

API Security Courses Penetration Testing Courses Access Control Courses Web Application Security Courses Injection Attacks Courses Fuzzing Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the fundamentals of API security assessment in this 39-minute conference talk from AppSecEU 2015 in Amsterdam. Delve into why API security is crucial and often overlooked, learn key considerations for API testing, and discover common vulnerabilities. Gain insights on developer tips, information leakage prevention, and mobile app security. Examine topics such as hidden functionality, access control, transport security, and injection concerns. Understand the importance of fuzzing, parameter validation, and API key management. Conclude with takeaways on implementing least privilege and valuable resources for further learning in API security.

Syllabus

Introduction
Agenda
Greg Patton Introduction
Why is API security important
Security is often overlooked
Key things to consider
Things to collect
Two key things
HTTP
Common Things
Testing Steps
Developer Tips
Information Leakage
RSA Mobile
Review API Responses
Mobile App Example
Things to Consider
Hidden Functionality
Other Verbs
Protection
Access Control
Transport Security
Injection Concerns
Fuzzing
Validate Parameters
Manage API Keys
Mobile Application Assessment
Key Management
Takeaways
Least Privilege
Resources
Contact Greg
References
Questions


Taught by

OWASP Foundation

Related Courses

Designing RESTful APIs
Udacity API Design and Fundamentals of Google Cloud's Apigee API Platform
Google Cloud via Coursera API Development on Google Cloud's Apigee API Platform
Google Cloud via Coursera API Security on Google Cloud's Apigee API Platform
Google Cloud via Coursera Developing APIs with Google Cloud's Apigee API Platform
Google Cloud via Coursera