Defending APIs

Get up to speed with API security using this comprehensive guide full of best practices on how to build safer and secure APIs

Key Features

• Gain a deep understanding of the inner working of APIs with a sharp focus on security
• Learn the tools and techniques of API security testers and hackers by building your own hacking laboratory
• Master the art of building rugged APIs with shift-left and shield-right approaches covering the API lifecycle

Book Description

API adoption continues to grow exponentially, but with it, so do security concerns about their implementation and inherent vulnerabilities. If you want to learn more about building, deploying, and managing APIs as your company's first line of cyber defense, then this book is for you. Written by a DevSecOps expert with a wealth of experience, API Security: Attack and Defense Techniques meets the needs of tackling API security with innovative approaches and techniques designed to tackle API-specific safety concerns.

The opening chapters are dedicated to API building blocks, hacking APIs using vulnerabilities, and case studies of recent breaches, while the rest of the book focuses on helping you build the skills needed to secure APIs in practice. Through step-by-step instructions, you'll learn offensive methods for testing vulnerabilities, attacking, and exploiting APIs. Then you'll switch sides and learn about effective defense techniques to secure against common attacks. There are plenty of case studies peppered throughout the book to help you apply the techniques you're learning in practice, alongside in-depth insights and plenty of best practices that will help you build better APIs from the ground up.

By the end of this book, you'll be able to build secure APIs and test them for various API cyber threats.

What you will learn

• Explore the core elements of APIs and how they're used in combination to build APIs
• Understand the OWASP API Security Top 10 and the root causes of insecure APIs
• Gain real-world insight into recent high profile API security breaches with practical examples and analysis
• Dive into offensive techniques by learning how to exploit APIs for learning or bug bounty programs
• Use shift-left approaches to build APIs that are secure-by-design
• Learn how to defend against common API vulnerabilities across several frameworks and languages like .NET, Python, Java, and others

Who This Book Is For

This book is for API developers, software architects, blue-teams, or anyone who wants to get a solid grasp of building secure APIs and microservices. This book is also for pen-testers, bug bounty hunters, and red-teams wanting to understand tools and methods for attacking and exploiting APIs You'll need basic knowledge of software and security to understand the attack vector and defensive techniques explained in the book, but aside from that, you'll get by with a thorough understanding of API security.

Table of Contents

1. What Is API Security?
2. Understanding APIs
3. Common vulnerabilities
4. Case Studies of Recent Breaches
5. Foundations of attacking APIs
6. Discovering APIs
7. Attacking APIs
8. Getting started with bug bounties
9. Shift-left for API security
10. Defending against common vulnerabilities
11. Securing your frameworks and languages
12. Runtime protection
13. Securing microservices