Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

NDC Conferences

Common API Security Pitfalls

NDC Conferences via YouTube

Overview

Explore common API security pitfalls and best practices in this 53-minute conference talk by Philippe De Ryck. Delve into the evolution of API landscapes and the challenges of protecting access to REST APIs in JavaScript and mobile applications. Learn about crucial security features, potential vulnerabilities, and actionable advice to address security problems. Discover how to assess API security, implement best practices, and improve future implementations. Cover topics such as underprotected APIs, over-exposed data, authorization failures, client-side session data mishandling, JWT key management issues, and the importance of compartmentalization. Gain valuable insights to enhance the security of your APIs and prevent unauthorized access to user accounts and sensitive data.

Syllabus

Intro
A10 Underprotected APIs
OVER-EXPOSING API DATA
LACK OF PROPER AUTHORIZATION
FAILURE TO AUDIT THE AUTHORIZATION POLICY
MISHANDLING CLIENT-SIDE SESSION DATA
MISTAKING JWTS FOR SESSIONS
LACK OF PROPER JWT KEY MANAGEMENT
Cookie: ID=42
UNDERESTIMATING THE IMPACT OF SESSION TRANSPORT
FAILURE TO COMPARTMENTALIZE

Taught by

NDC Conferences

Reviews

Start your review of Common API Security Pitfalls

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.