A Tour of API Underprotection

OWASP Foundation via YouTube

How They Broke the HMAC

14 of 26

YouTube videos curated by Class Central.

Classroom Contents

  1. Intro
  2. ShipFast Delivery Service
  3. Client Complexity Spurs API Growth
  4. Ship Raider Shipper's Edge
  5. Transport Layer Security
  6. Man in the Middle Attack
  7. Certificate Pinning
  8. Pinning Upkeep
  9. Rate Limiting and Load Shedding
  10. Behavioral API Security
  11. Add Request Signing
  12. App Hardening Approaches
  13. Calculate Secret at Runtime
  14. How They Broke the HMAC
  15. OAuth2 Overview
  16. Abstract Protocol Flow
  17. OAuth2 Code Grant Flow
  18. OAuth2 Proof of Key Code Exchange (PKCE)
  19. Multiple API Services
  20. API Proxy Pattern
  21. App Integrity Measurement
  22. Dynamic Pinning
  23. Strengthening OAuth2 Flow
  24. Architecture Pattern
  25. Conclusion
  26. Additional References
