Cyber RangeApplication & API SecurityATCSecurity Transformation
Learning path

API Security Fundamentals with OWASP top 10

Skill Level
Fundamentals
Duration 3h 20m
Updated Jul 8, 2024

About this learning path

In today's digital age, Application Programming Interfaces (APIs) have become the backbone of modern software development. They allow different software systems to communicate with each other, enabling a wide range of functionalities from simple data retrieval to complex integrations. However, with the increasing reliance on APIs, the importance of securing them has never been greater. This course, "API Security Fundamentals with OWASP Top 10," is designed to equip you with the knowledge and skills necessary to identify, exploit, and defend against the most common API security vulnerabilities. Whether you are a developer, security professional, or simply interested in learning more about API security, this course will provide you with a comprehensive understanding of the OWASP API Security Top 10 vulnerabilities and how to mitigate them.

Your instructors

Shoaib Mohammed ShahapuriWorld Wide TechnologyTechnical Solutions Architect

Prerequisites

  1. It is recommended to go through the module "Automation Programming Interface (API) Fundamentals" covering "REST and GraphQL APIs" from WWT's "Automation Core Concepts" Learning Path.
  2. Basic understanding of web technologies (HTTP/HTTPS protocols).
  3. Familiarity with API tools (Postman, Burp Suite, FoxyProxy).
  4. Basic security concepts like understanding of common security principles (e.g., authentication, authorization, encryption).

What you'll learn

  1. Introduction to API Security: Understanding the importance of API security and the significance of the OWASP API Security Top 10 (API2023).
  2. OWASP API Security Top 10 (API2023) Vulnerabilities: Overview of the top 10 API security risks identified by OWASP for 2023.
  3. Practical Demonstrations: Using crAPI (Completely Ridiculous API) for real-world vulnerability examples and hands-on exercises.
  4. Tools and Techniques: Utilizing Postman, Burp Suite, and FoxyProxy for creating, testing, and securing APIs.
  1. 1. Understanding the OWASP API Top 10
    1. Enroll in this learning path to view locked contentModule 1 Overview
      Video
      Locked
    2. Enroll in this learning path to view locked contentIntroduction to API Security and OWASP's API Security Top 10
      Article
      Locked
    3. Enroll in this learning path to view locked contentUnderstanding OWASP API Security Top 10: Classification, Selection, and Metrics
      Article
      Locked
    4. Enroll in this learning path to view locked contentTools for Exploiting API Vulnerabilities
      Article
      Locked
  2. 2. Broken Object Level Authorization
    1. Enroll in this learning path to view locked contentModule 2 Overview
      Video
      Locked
    2. Enroll in this learning path to view locked contentExploring Broken Object Level Authorization (BOLA)
      Article
      Locked
    3. Enroll in this learning path to view locked contentUnderstanding Object Level Attacks
      Article
      Locked
    4. Enroll in this learning path to view locked contentAPI1:2023 Demonstrating BOLA Exploitation in crAPI
      Lab
      Locked
    5. Enroll in this learning path to view locked contentDemonstrating BOLA Exploitation in crAPI
      Video
      Locked
    6. Enroll in this learning path to view locked contentImplementing Effective Defenses against BOLA
      Article
      Locked
  3. 3. Broken User Authentication
    1. Enroll in this learning path to view locked contentModule 3 Overview
      Video
      Locked
    2. Enroll in this learning path to view locked contentExploring Broken User Authentication (BUA)
      Article
      Locked
    3. Enroll in this learning path to view locked contentBrute Force Attacks and Defenses
      Article
      Locked
    4. Enroll in this learning path to view locked contentUnderstanding and Implementing CAPTCHA for Enhanced Security
      Article
      Locked
    5. Enroll in this learning path to view locked contentMulti-Factor Authentication (MFA)
      Article
      Locked
    6. Enroll in this learning path to view locked contentHashing and Cryptography
      Article
      Locked
    7. Enroll in this learning path to view locked contentCredential Stuffing
      Article
      Locked
    8. Enroll in this learning path to view locked contentOther Attacks and Defenses in API Security
      Article
      Locked
    9. Enroll in this learning path to view locked contentAPI2:2023 Demonstrating BUA Exploitation in crAPI
      Lab
      Locked
    10. Enroll in this learning path to view locked contentDemonstrating BUA Exploitation in crAPI
      Video
      Locked
  4. 4. Upcoming Content
    1. Enroll in this learning path to view locked contentConclusion: Overview of Remaining API Security Vulnerabilities
      Article
      Locked
  5. 5. Conclusion
    1. Enroll in this learning path to view locked contentQuiz
      Quiz
      Locked
    2. Enroll in this learning path to view locked contentLearning Path Complete
      Achievement Badge
      Locked