Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

API Security 101 by Sadako

Bugcrowd via YouTube

Overview

Explore API security fundamentals in this 21-minute conference talk from LevelUp 0x03. Dive into primary domains of API security, examining notable examples of security flaws for each. Learn basic methodology for testing and fuzzing services by approaching with educated guesses about backend operations. Discover two major bugs, including their discovery methodology and impact. Gain insights into common API security issues, access controls, input validation, rate limiting, HTTP method restrictions, and third-party API abuse. Examine real-world case studies involving Panera Bread, German eld System, Discord, and Duda Mobile. Perfect for beginners with some intermediate concepts, this talk provides a comprehensive introduction to API security testing and vulnerability discovery.

Syllabus

Intro
Common API Security Issues
Access Controls
Access Control Bugs
Access Control Bug - Panera Bread
Input Validation Bugs
Input Validation Bug - German eld System
Input Validation - Fuzzing
Rate Limiting
Restricting HTTP Methods
3rd Party API Abuse
Discord Bug - Concepts
Discord Bug - Methodology
Example Request
Discord Bug - Impact
Duda Mobile - Concepts
Duda Mobile - Impact
Follow Up

Taught by

Bugcrowd

Reviews

Start your review of API Security 101 by Sadako

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.