API Security in Action video edition
20:11:06
001 - Part 1. Foundations.mp4
01:29
002 - Chapter 1 What is API security.mp4
11:14
003 - Chapter 1 What is an API.mp4
07:03
004 - Chapter 1 API security in context.mp4
09:09
005 - Chapter 1 Elements of API security.mp4
12:26
006 - Chapter 1 Environments and threat models.mp4
08:12
007 - Chapter 1 Security mechanisms.mp4
12:48
008 - Chapter 1 Audit logging.mp4
09:32
009 - Chapter 2 Secure API development.mp4
06:16
010 - Chapter 2 Implementation overview.mp4
06:53
011 - Chapter 2 Developing the REST API.mp4
08:55
012 - Chapter 2 Injection attacks.mp4
09:10
013 - Chapter 2 Preventing injection attacks.mp4
09:34
014 - Chapter 2 Input validation.mp4
13:37
015 - Chapter 2 Producing safe output.mp4
10:21
016 - Chapter 2 Preventing XSS.mp4
10:05
017 - Chapter 3 Securing the Natter API.mp4
09:40
018 - Chapter 3 Rate-limiting with Guava.mp4
06:00
019 - Chapter 3 Authentication to prevent spoofing.mp4
07:45
020 - Chapter 3 Creating the password database.mp4
06:37
021 - Chapter 3 Authenticating users.mp4
05:30
022 - Chapter 3 Using encryption to keep data private.mp4
11:34
023 - Chapter 3 Audit logging for accountability.mp4
08:35
024 - Chapter 3 Access control.mp4
12:27
025 - Chapter 3 Adding new members to a Natter space.mp4
07:45
026 - Part 2. Token-based authentication.mp4
01:06
027 - Chapter 4 Session cookie authentication.mp4
08:29
028 - Chapter 4 Serving the HTML from the same origin.mp4
08:13
029 - Chapter 4 Drawbacks of HTTP authentication.mp4
05:19
030 - Chapter 4 Token-based authentication.mp4
10:49
031 - Chapter 4 Session cookies.mp4
10:21
032 - Chapter 4 Cookie security attributes.mp4
10:09
033 - Chapter 4 Preventing Cross-Site Request Forgery attacks.mp4
09:42
034 - Chapter 4 Hash-based double-submit cookies.mp4
06:49
035 - Chapter 4 Double-submit cookies for the Natter API.mp4
11:07
036 - Chapter 4 Building the Natter login UI.mp4
07:07
037 - Chapter 4 Implementing logout.mp4
06:18
038 - Chapter 5 Modern token-based authentication.mp4
08:57
039 - Chapter 5 Adding CORS headers to the Natter API.mp4
09:02
040 - Chapter 5 Tokens without cookies.mp4
13:24
041 - Chapter 5 The Bearer authentication scheme.mp4
06:27
042 - Chapter 5 Storing tokens in Web Storage.mp4
06:04
043 - Chapter 5 Updating the CORS filter.mp4
08:28
044 - Chapter 5 Hardening database token storage.mp4
12:48
045 - Chapter 5 Protecting sensitive attributes.mp4
10:44
046 - Chapter 6 Self-contained tokens and JWTs.mp4
05:50
047 - Chapter 6 JSON Web Tokens.mp4
09:24
048 - Chapter 6 The JOSE header.mp4
07:09
049 - Chapter 6 Generating standard JWTs.mp4
06:52
050 - Chapter 6 Encrypting sensitive attributes.mp4
07:59
051 - Chapter 6 Authenticated encryption with NaCl.mp4
05:41
052 - Chapter 6 Encrypted JWTs.mp4
09:21
053 - Chapter 6 Using a JWT library.mp4
05:53
054 - Chapter 6 Using types for secure API design.mp4
06:24
055 - Chapter 6 Handling token revocation.mp4
11:44
056 - Part 3. Authorization.mp4
01:59
057 - Chapter 7 OAuth2 and OpenID Connect.mp4
11:47
058 - Chapter 7 The difference between scopes and permissions.mp4
07:35
059 - Chapter 7 Introducing OAuth2.mp4
13:37
060 - Chapter 7 The Authorization Code grant.mp4
13:23
061 - Chapter 7 Hardening code exchange with PKCE.mp4
07:07
062 - Chapter 7 Validating an access token.mp4
11:19
063 - Chapter 7 Securing the HTTPS client configuration.mp4
11:16
064 - Chapter 7 JWT access tokens.mp4
13:50
065 - Chapter 7 Encrypted JWT access tokens.mp4
06:06
066 - Chapter 7 Single sign-on.mp4
09:09
067 - Chapter 7 Hardening OIDC.mp4
12:06
068 - Chapter 8 Identity-based access control.mp4
08:39
069 - Chapter 8 LDAP groups.mp4
05:57
070 - Chapter 8 Role-based access control.mp4
07:38
071 - Chapter 8 Static roles.mp4
09:49
072 - Chapter 8 Attribute-based access control.mp4
06:16
073 - Chapter 8 Implementing ABAC decisions.mp4
08:49
074 - Chapter 8 Distributed policy enforcement and XACML.mp4
11:13
075 - Chapter 9 Capability-based security and macaroons.mp4
09:53
076 - Chapter 9 Capabilities and REST.mp4
07:20
077 - Chapter 9 Capabilities as URIs.mp4
10:46
078 - Chapter 9 Using capability URIs in the Natter API.mp4
09:01
079 - Chapter 9 HATEOAS.mp4
09:44
080 - Chapter 9 Capability URIs for browser-based clients.mp4
10:49
081 - Chapter 9 Hardening capability URIs.mp4
06:11
082 - Chapter 9 Macaroons Tokens with caveats.mp4
08:22
083 - Chapter 9 A macaroon token store.mp4
12:02
084 - Chapter 9 Third-party caveats.mp4
10:48
085 - Part 4. Microservice APIs in Kubernetes.mp4
01:30
086 - Chapter 10 Microservice APIs in Kubernetes.mp4
11:03
087 - Chapter 10 Deploying Natter on Kubernetes.mp4
05:00
088 - Chapter 10 Building H2 database as a Docker container.mp4
11:32
089 - Chapter 10 Deploying the database to Kubernetes.mp4
10:50
090 - Chapter 10 Building the Natter API as a Docker container.mp4
08:05
091 - Chapter 10 The link-preview microservice.mp4
10:35
092 - Chapter 10 Preventing SSRF attacks.mp4
12:02
093 - Chapter 10 DNS rebinding attacks.mp4
05:33
094 - Chapter 10 Securing communications with TLS.mp4
07:09
095 - Chapter 10 Using a service mesh for TLS.mp4
11:11
096 - Chapter 10 Locking down network connections.mp4
08:35
097 - Chapter 10 Securing incoming requests.mp4
11:49
098 - Chapter 11 Securing service-to-service APIs.mp4
06:39
099 - Chapter 11 The OAuth2 client credentials grant.mp4
10:07
100 - Chapter 11 The JWT bearer grant for OAuth2.mp4
11:15
101 - Chapter 11 Generating the JWT.mp4
07:37
102 - Chapter 11 Mutual TLS authentication.mp4
11:44
103 - Chapter 11 Verifying client identity.mp4
07:56
104 - Chapter 11 Using a service mesh.mp4
10:43
105 - Chapter 11 Certificate-bound access tokens.mp4
12:57
106 - Chapter 11 Managing service credentials.mp4
12:14
107 - Chapter 11 Key and secret management services.mp4
10:55
108 - Chapter 11 Avoiding long-lived secrets on disk.mp4
05:04
109 - Chapter 11 Key derivation.mp4
08:51
110 - Chapter 11 Service API calls in response to user requests.mp4
09:02
111 - Chapter 11 OAuth2 token exchange.mp4
09:10
112 - Chapter 11.OAuth2 token exchange.mp4
06:17
113 - Part 5. APIs for the Internet of Things.mp4
01:31
114 - Chapter 12 Securing IoT communications.mp4
06:20
115 - Chapter 12 Datagram TLS.mp4
07:06
116 - Chapter 12 Datagram TLS.mp4
10:28
117 - Chapter 12 Datagram TLS.mp4
07:05
118 - Chapter 12 Cipher suites for constrained devices.mp4
05:46
119 - Chapter 12 Cipher suites for constrained devices.mp4
06:53
120 - Chapter 12 Cipher suites for constrained devices.mp4
06:21
121 - Chapter 12 Pre-shared keys.mp4
08:47
122 - Chapter 12 The PSK client.mp4
10:07
123 - Chapter 12 End-to-end security.mp4
08:23
124 - Chapter 12 COSE.mp4
07:58
125 - Chapter 12 Alternatives to COSE.mp4
07:08
126 - Chapter 12 Misuse-resistant authenticated encryption.mp4
06:23
127 - Chapter 12 Misuse-resistant authenticated encryption.mp4
07:45
128 - Chapter 12 Key distribution and management.mp4
09:20
129 - Chapter 12 Ratcheting for forward secrecy.mp4
05:00
130 - Chapter 12 Post-compromise security.mp4
11:31
131 - Chapter 13 Securing IoT APIs.mp4
07:22
132 - Chapter 13 Device certificates.mp4
09:00
133 - Chapter 13 End-to-end authentication.mp4
09:34
134 - Chapter 13 OSCORE.mp4
13:52
135 - Chapter 13 Avoiding replay in REST APIs.mp4
12:17
136 - Chapter 13 OAuth2 for constrained environments.mp4
06:42
137 - Chapter 13 OAuth2 for constrained environments.mp4
07:26
138 - Chapter 13 Offline access control.mp4
05:18
139 - Chapter 13 Offline authorization.mp4
07:30
O'Reilly
O'Reilly Media is an American learning company established by Tim O'Reilly that publishes books, produces tech conferences, and provides an online learning platform. Its distinctive brand features a woodcut of an animal on many of its book covers.
- Language: English
- Training sessions: 139
- Duration: 20:11:06
- Release date: 2023/11/06