APIs are crucial to the internet and their security is vital to both their creators and consumers. This course will teach you about each of the OWASP API Top 10 vulnerabilities, helping you to identify and prevent them in your APIs.
Application Programming Interfaces (APIs) form the foundation of numerous web technologies, including Software as a Service (SaaS), mobile applications, web applications, and Internet of Things (IoT). API security is critical to keep those services and their customers secure. In this course, OWASP Top 10: API Security Playbook, you’ll learn strategies and solutions to mitigate the ten most important vulnerabilities for APIs. First, you’ll explore the attack, seeing how a vulnerability can be exploited. Next, you’ll discover the impact of the attack, how it can affect the API, the business and its customers. Finally, you’ll learn how to mitigate the vulnerability, using a selection of common defenses to reduce the risk of an effective attack. When you’re finished with this course, you’ll have the skills and knowledge to help protect you from the top ten API vulnerabilities, the most critical vulnerabilities to your API.
Course Overview Hi, everyone. My name is Gavin Johnson‑Lynn, and welcome to my course, OWASP Top 10: API Security Playbook. I've worked in software development for over 20 years, and I'm currently an offensive security specialist, improving the security of software and the business around me. APIs are incredibly common on the internet, and they're on track to become the most frequent source of data breaches ahead of websites. Protecting your API from attack has never been more important. In this course, we're going to look at each of the entries in the OWASP API Security Top 10 so we can start to understand them and how they might affect your APIs. Some of the major topics that we'll cover include what each entry means to your API, common attacks, the various impacts that those attacks can do have, and useful defenses. By the end of this course, you will know about all of the entries in the top 10 and be able to identify where your API might be vulnerable. You'll learn what you need to give your API a strong, overlapping set of defenses. Before beginning the course, you should have some experience with APIs and sending requests to them. A basic understanding of this information should help you to understand the attacks and defenses we'll talk about. I hope you'll join me on this journey to learn API security with the OWASP Top 10: API security Playbook course, at Pluralsight.