Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The API Assessment Primer

OWASP Foundation via YouTube

Overview

Explore the fundamentals of API security assessment in this 39-minute conference talk from AppSecEU 2015 in Amsterdam. Delve into why API security is crucial and often overlooked, learn key considerations for API testing, and discover common vulnerabilities. Gain insights on developer tips, information leakage prevention, and mobile app security. Examine topics such as hidden functionality, access control, transport security, and injection concerns. Understand the importance of fuzzing, parameter validation, and API key management. Conclude with takeaways on implementing least privilege and valuable resources for further learning in API security.

Syllabus

Introduction
Agenda
Greg Patton Introduction
Why is API security important
Security is often overlooked
Key things to consider
Things to collect
Two key things
HTTP
Common Things
Testing Steps
Developer Tips
Information Leakage
RSA Mobile
Review API Responses
Mobile App Example
Things to Consider
Hidden Functionality
Other Verbs
Protection
Access Control
Transport Security
Injection Concerns
Fuzzing
Validate Parameters
Manage API Keys
Mobile Application Assessment
Key Management
Takeaways
Least Privilege
Resources
Contact Greg
References
Questions

Taught by

OWASP Foundation

Reviews

Start your review of The API Assessment Primer

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.