API Security (OWASP API Top 10)

This course is designed to address the unique security challenges faced by APIs. Covering the OWASP API Top 10 vulnerabilities, the course equips participants with skills to test APIs for common weaknesses such as broken object-level authorization, excessive data exposure, and injection attacks. Practical exercises will focus on real-world API security scenarios, using tools like Postman and Burp Suite to secure API communications.

Key Learning Outcomes:

• Understand the OWASP API Top 10 risks and their impact.
• Test APIs for vulnerabilities like broken authentication, improper rate limiting, and data exposure.
• Use tools like Postman, Burp Suite, and Insomnia for API security testing.
• Implement best practices for API security, including secure authentication and input validation.

Detailed OWASP API Top 10:

• API1: Broken Object Level Authorization
• API2: Broken Authentication
• API3: Excessive Data Exposure
• API4: Lack of Resources & Rate Limiting
• API5: Broken Function Level Authorization
• API6: Mass Assignment
• API7: Security Misconfiguration
• API8: Injection
• API9: Improper Assets Management
• API10: Insufficient Logging & Monitoring