Book Image

Defending APIs

By : Colin Domoney
Book Image

Defending APIs

By: Colin Domoney

Overview of this book

Along with the exponential growth of API adoption comes a rise in security concerns about their implementation and inherent vulnerabilities. For those seeking comprehensive insights into building, deploying, and managing APIs as the first line of cyber defense, this book offers invaluable guidance. Written by a seasoned DevSecOps expert, Defending APIs addresses the imperative task of API security with innovative approaches and techniques designed to combat API-specific safety challenges. The initial chapters are dedicated to API building blocks, hacking APIs by exploiting vulnerabilities, and case studies of recent breaches, while the subsequent sections of the book focus on building the skills necessary for securing APIs in real-world scenarios. Guided by clear step-by-step instructions, you’ll explore offensive techniques for testing vulnerabilities, attacking, and exploiting APIs. Transitioning to defensive techniques, the book equips you with effective methods to guard against common attacks. There are plenty of case studies peppered throughout the book to help you apply the techniques you’re learning in practice, complemented by in-depth insights and a wealth of best practices for building better APIs from the ground up. By the end of this book, you’ll have the expertise to develop secure APIs and test them against various cyber threats targeting APIs.
Table of Contents (19 chapters)
1
Part 1: Foundations of API Security
6
Part 2: Attacking APIs
10
Part 3: Defending APIs

Preview of the Open Worldwide Application Security Project API Security Top 10 2023

As mentioned earlier in this chapter, the Open Worldwide Application Security Project API Security Top 10 is undergoing changes to reflect the API threat landscape in 2023. At the time of writing, this update was still in a release candidate stage, with an ongoing request for comment (RFC) in place via the Open Worldwide Application Security Project GitHub repository (https://github.com/OWASP/API-Security/tree/master/editions/2023/en).

Let us take a quick look at the currently proposed Top 10, shown in summary here:

#

2019

2023

API1

Broken Object Level Authorization

Broken Object Level Authorization

API2

Broken User Authentication

Broken Authentication...