Common API Security Pitfalls

Offered By: NDC Conferences via YouTube

Course Description

Overview

Explore common API security pitfalls and best practices in this 53-minute conference talk by Philippe De Ryck. Delve into the evolution of API landscapes and the challenges of protecting access to REST APIs in JavaScript and mobile applications. Learn about crucial security features, potential vulnerabilities, and actionable advice to address security problems. Discover how to assess API security, implement best practices, and improve future implementations. Cover topics such as underprotected APIs, over-exposed data, authorization failures, client-side session data mishandling, JWT key management issues, and the importance of compartmentalization. Gain valuable insights to enhance the security of your APIs and prevent unauthorized access to user accounts and sensitive data.

Syllabus

Intro
A10 Underprotected APIs
OVER-EXPOSING API DATA
LACK OF PROPER AUTHORIZATION
FAILURE TO AUDIT THE AUTHORIZATION POLICY
MISHANDLING CLIENT-SIDE SESSION DATA
MISTAKING JWTS FOR SESSIONS
LACK OF PROPER JWT KEY MANAGEMENT
Cookie: ID=42
UNDERESTIMATING THE IMPACT OF SESSION TRANSPORT
FAILURE TO COMPARTMENTALIZE
Taught by

NDC Conferences
