Common API Security Pitfalls
Offered By: NDC Conferences via YouTube
Course Description
Overview
Explore common API security pitfalls and best practices in this 53-minute conference talk by Philippe De Ryck. Delve into the evolution of API landscapes and the challenges of protecting access to REST APIs in JavaScript and mobile applications. Learn about crucial security features, potential vulnerabilities, and actionable advice to address security problems. Discover how to assess API security, implement best practices, and improve future implementations. Cover topics such as underprotected APIs, over-exposed data, authorization failures, client-side session data mishandling, JWT key management issues, and the importance of compartmentalization. Gain valuable insights to enhance the security of your APIs and prevent unauthorized access to user accounts and sensitive data.
Syllabus
Intro
A10 Underprotected APIs
OVER-EXPOSING API DATA
LACK OF PROPER AUTHORIZATION
FAILURE TO AUDIT THE AUTHORIZATION POLICY
MISHANDLING CLIENT-SIDE SESSION DATA
MISTAKING JWTS FOR SESSIONS
LACK OF PROPER JWT KEY MANAGEMENT
Cookie: ID=42
UNDERESTIMATING THE IMPACT OF SESSION TRANSPORT
FAILURE TO COMPARTMENTALIZE
Taught by
NDC Conferences
Related Courses
Health Informatics: Data and Interoperability StandardsGeorgia Institute of Technology via edX Fractal Architecture
NDC Conferences via YouTube Strangling the Monolith - Applied Patterns & Practices from the Trenches
NDC Conferences via YouTube Refactoring Is Not Just Clickbait
NDC Conferences via YouTube Amazing Algorithms for Solving Problems in Software
NDC Conferences via YouTube