Hacking and Defending APIs - Red and Blue Make Purple

Offered By: LASCON via YouTube

Tags

API Security Courses, GraphQL Courses, Penetration Testing Courses, Application Security (AppSec) Courses, Vulnerability Assessment Courses, Reconnaissance Courses, Fuzzing Courses

Course Description

Overview

Explore the world of API security in this comprehensive 53-minute conference talk from LASCON. Dive into the techniques attackers use against APIs, focusing on vulnerabilities like broken object level authorization (BOLA). Follow a typical API penetration testing methodology, examining each phase from both an attacker's and defender's perspective. Gain insights into why traditional AppSec approaches often fall short for APIs and learn proactive ways to catch attacks early. Cover key topics including API growth, gaps between AppSec and API security, fundamental areas of API security, reconnaissance methods, discovery techniques, and various active attacks. Explore bonus material on fuzzing, structural vs. data attacks, and GraphQL. Conclude with essential takeaways for both API testers and defenders, equipping you with a well-rounded understanding of API vulnerabilities and protection strategies.

Syllabus

Hacking and Defending APIs - Red and Blue make Purple. - Matt Tesauro


Taught by

LASCON
