E-book
Author Domoney, Colin

Title Defending APIs : Uncover Advanced Defense Techniques to Craft Secure Application Programming Interfaces
Published Packt Publishing 2024

Description 1 online resource
Contents Cover -- Title Page -- Copyright and Credits -- Foreword -- Contributors -- Table of Contents -- Preface -- Part 1: Foundations of API Security -- Chapter 1: What Is API Security? -- Why API security is important -- The growth of the API economy -- APIs are popular with developers -- APIs are increasingly popular with attackers -- Your existing tools do not work well for APIs -- Developers often lack an understanding of API security -- Exploring API building blocks -- Rate limiting -- Cryptography -- Hashes, HMACs, and signatures -- Transport security -- Encoding
Examining API data formats -- Understanding the elements of API security -- DevOps -- SAST, DAST, SCA, and WAFs -- API management and gateways -- API security platforms -- Setting API security goals -- The three pillars of security -- Abuse and misuse cases -- Data governance -- A positive security model -- Risk-based methodology -- Summary -- Further reading -- Chapter 2: Understanding APIs -- Understanding HTTP fundamentals -- Uniform Resource Locator -- Requests -- Responses -- Methods -- Status codes -- Sessions -- Exploring the types of APIs -- REST -- GraphQL -- RPC -- SOAP -- WebSockets
Access control -- No authentication -- HTTP authentication -- AWS keyed-HMAC authentication -- Session cookies -- API keys -- OAuth 2.0 -- Access control best practices and methods -- Using JWTs for claims and identity -- Summary -- Further reading -- Chapter 3: Understanding Common API Vulnerabilities -- The importance of vulnerability classification -- Exploring the Open Worldwide Application Security Project API Security Top 10 -- Object-level vulnerabilities -- Authentication vulnerabilities -- Function-level vulnerabilities -- Data vulnerabilities -- Configuration vulnerabilities
Implementation vulnerabilities -- Vulnerabilities versus abuse cases -- Exploring abuse cases -- Business logic vulnerabilities -- Preview of the Open Worldwide Application Security Project API Security Top 10 2023 -- Summary -- Further reading -- Chapter 4: Investigating Recent Breaches -- The importance of learning from mistakes -- Examining 10 high-profile API breaches from 2022 -- 1-Global shipping company -- 2-Campus access control -- 3-Microbrewery application -- 4-Cryptocurrency portal -- 5-Dating application -- 6-The All in One SEO WordPress plugin -- 7-X account information leakage
8-Home router -- 9-Remote access to two popular vehicles -- 10-Smart Scale -- Key takeaways and learning -- Summary -- Further reading -- Part 2: Attacking APIs -- Chapter 5: Foundations of Attacking APIs -- Technical requirements -- Understanding API attackers and their methods -- Interacting with APIs -- Finding API keys -- Enumeration and discovery of APIs -- Fuzzing API endpoints -- Attacking JWTs -- Mastering the tools of the trade -- CLI clients (HTTPie/cURL) -- Postman -- Browser tools -- Burp Suite -- Reverse proxies -- Learning the key skills of API attacking -- Building a laboratory
Summary Get up to speed with API security using this comprehensive guide, full of best practices for building safer, more secure APIs.
Key Features: Develop a profound understanding of the inner workings of APIs with a sharp focus on security; learn the tools and techniques employed by API security testers and hackers, and set up your own hacking laboratory; master the art of building robust APIs with shift-left and shield-right approaches spanning the API lifecycle. Purchase of the print or Kindle book includes a free PDF eBook.
Book Description: Along with the exponential growth of API adoption comes a rise in security concerns about their implementation and inherent vulnerabilities. For those seeking comprehensive insights into building, deploying, and managing APIs as the first line of cyber defense, this book offers invaluable guidance. Written by a seasoned DevSecOps expert, Defending APIs addresses the imperative task of API security with approaches and techniques designed to combat API-specific security challenges. The initial chapters are dedicated to API building blocks, hacking APIs by exploiting vulnerabilities, and case studies of recent breaches, while the subsequent sections of the book focus on building the skills necessary for securing APIs in real-world scenarios. Guided by clear step-by-step instructions, you'll explore offensive techniques for testing, attacking, and exploiting APIs. Transitioning to defensive techniques, the book equips you with effective methods to guard against common attacks. Case studies throughout the book help you apply the techniques you're learning in practice, complemented by in-depth insights and a wealth of best practices for building better APIs from the ground up. By the end of this book, you'll have the expertise to develop secure APIs and test them against the cyber threats that target APIs.
What you will learn: Explore the core elements of APIs and their collaborative role in API development; understand the OWASP API Security Top 10, dissecting the root causes of API vulnerabilities; obtain insights into high-profile API security breaches with practical examples and in-depth analysis; use the attacking techniques adversaries use against APIs to enhance your defensive strategies; employ shield-right security approaches such as API gateways and firewalls; defend against common API vulnerabilities across several frameworks and languages, such as .NET, Python, and Java.
Who this book is for: This book is for application security engineers, blue teamers, and security professionals looking to build an application security program targeting API security. For red teamers and pentesters, it provides insights into exploiting API vulnerabilities. API developers will benefit from understanding, anticipating, and defending against potential threats and attacks on their APIs. While basic knowledge of software and security is required to understand the attack vectors and defensive techniques explained in the book, a thorough understanding of API security is all you need to get started.
Subject Application program interfaces (Computer software)
APIs (interfaces)
Genre/Form Electronic books
Form Electronic book
ISBN 9781804613061
1804613061