Syllabus
Intro
ShipFast Delivery Service
Client Complexity Spurs API Growth
Ship Raider Shipper's Edge
Transport Layer Security
Man in the Middle Attack
Certificate Pinning
Pinning Upkeep
Rate Limiting and Load Shedding
Behavioral API Security
Add Request Signing
App Hardening Approaches
Calculate Secret at Runtime
How They Broke the HMAC
OAuth2 Overview
Abstract Protocol Flow
OAuth2 Code Grant Flow
OAuth2 Proof of Key Code Exchange (PKCE)
Multiple API Services
API Proxy Pattern
App Integrity Measurement
Dynamic Pinning
Strengthening OAuth2 Flow
Architecture Pattern
Conclusion
Additional References
Taught by
OWASP Foundation