Explore the critical aspects of API security in this 28-minute conference talk from EuroPython 2024. Delve into the concept of Zero Trust Security for APIs, focusing on robust data validation and sanitization across all data flows. Learn how API design and implementation choices impact security, and discover techniques to identify and address vulnerabilities. Examine practical examples of SQL injection, mass assignment, big payload attacks, and pagination attacks, understanding how URL parameters and request payloads can become potential attack vectors. Gain insights into using tools like schemathesis and Spectral for automating and scaling vulnerability detection in APIs. Familiarize yourself with key concepts such as API Security by Design, Shift-Left API Security, and Zero Trust APIs, equipping you with the knowledge to effectively secure your Python-based APIs against the most significant threats in today's internet landscape.