API Security with the OWASP API Security Top 10

Focused View

Chris Behrens

1:59:42

42 View

1. Course Overview

1. Course Overview.mp4

01:51

2. Understanding the OWASP API Security Top 10

1. Using the OWASP API Security Top 10.mp4

05:48

2. Metrics behind the Top 10 Risks.mp4

04:43

3. Broken Object Level Authorization

1. Understanding Broken Object Level Authorization.mp4

01:52

2. Object Level Attacks.mp4

03:27

3. Demo - Broken Object Level Attacks.mp4

02:44

4. Examining Defenses.mp4

02:10

4. Broken Authentication

1. Understanding Broken Authentication.mp4

01:47

2. Password Based Attacks and Defenses.mp4

05:34

3. Other Attacks and Defenses.mp4

04:51

4. Demo - Common JWT Attacks.mp4

03:47

5. Broken Object Property Level Authorization

1. Understanding Broken Object Property Level Authorization.mp4

02:14

2. Object Property Attacks and Defenses.mp4

02:19

3. Demo - Exploiting Object Properties.mp4

02:48

6. Unrestricted Resource Consumption

1. Unrestricted Resource Consumption Attacks.mp4

04:04

2. Defenses for Resource Consumption.mp4

03:22

7. Broken Function Level Authorization

1. Attacking Broken Function Level Authorization.mp4

03:19

2. Demo - Exploiting Broken Function Level Authorization.mp4

02:39

3. Defenses.mp4

03:23

8. Unrestricted Access to Sensitive Business Flows

1. Sensitive Business Flows and Potential Attacks.mp4

03:53

2. Demo - Attacking an Unrestricted Business Flow.mp4

02:21

3. Business Flow Defenses.mp4

03:47

9. Server-side Request Forgery

1. Understanding Server-side Request Forgery.mp4

03:59

2. Demo - Forging Requests from the Server.mp4

02:36

3. SSRF Defenses.mp4

03:13

10. Security Misconfiguration

1. Misconfiguration and Patching.mp4

03:31

2. HTTP Request Chain Misconfigurations.mp4

02:26

3. Server Environment Misconfigurations.mp4

03:16

4. Misconfiguration in the API and Response Chain.mp4

06:54

11. Improper Inventory Management

1. Understanding Improper Inventory Management.mp4

03:18

2. Demo - Deprecated Functionality.mp4

02:15

3. Attacks and Defenses.mp4

05:33

12. Unsafe Consumption of APIs

1. Understanding Unsafe Consumption of APIs.mp4

02:44

2. API Consumption Attacks.mp4

01:53

3. API Consumption Defenses.mp4

05:21

Description

This course will teach you about unique vulnerabilities faced by web-based APIs and the defenses you’ll need to protect them.

What You'll Learn?

APIs are becoming increasingly common. They’re used in everything from web applications to smart devices. The more popular they become, the more attention they attract from hackers. If you’re creating an API then you need to know how to keep it secure. In this course, API Security with the OWASP API Security Top 10, you’ll learn to identify and defend against the most common API security vulnerabilities. First, you’ll explore individual vulnerabilities and the potential problems they can cause. Next, you’ll discover how attackers find and exploit those vulnerabilities. Finally, you’ll learn how to add defenses for each vulnerability. When you’re finished with this course, you’ll have the skills and knowledge of the top 10 API vulnerabilities needed, to create a secure, resilient API.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Ethical Hacking

Penetration Testing

Chris Behrens

Instructor's Courses

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.