Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Defending APIs
  • Table Of Contents Toc
  • Feedback & Rating feedback
Defending APIs

Defending APIs

By : Colin Domoney
4.3 (10)
Buy this Book
close
close
Defending APIs

Defending APIs

4.3 (10)
By: Colin Domoney
Buy this Book

Overview of this book

Along with the exponential growth of API adoption comes a rise in security concerns about their implementation and inherent vulnerabilities. For those seeking comprehensive insights into building, deploying, and managing APIs as the first line of cyber defense, this book offers invaluable guidance. Written by a seasoned DevSecOps expert, Defending APIs addresses the imperative task of API security with innovative approaches and techniques designed to combat API-specific safety challenges. The initial chapters are dedicated to API building blocks, hacking APIs by exploiting vulnerabilities, and case studies of recent breaches, while the subsequent sections of the book focus on building the skills necessary for securing APIs in real-world scenarios. Guided by clear step-by-step instructions, you’ll explore offensive techniques for testing vulnerabilities, attacking, and exploiting APIs. Transitioning to defensive techniques, the book equips you with effective methods to guard against common attacks. There are plenty of case studies peppered throughout the book to help you apply the techniques you’re learning in practice, complemented by in-depth insights and a wealth of best practices for building better APIs from the ground up. By the end of this book, you’ll have the expertise to develop secure APIs and test them against various cyber threats targeting APIs.
Table of Contents (19 chapters)
close
close
close
Preface
chevron up
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1: Foundations of API Security
Part 1: Foundations of API Security
Free Chapter
2
Chapter 1: What Is API Security?
Chapter 1: What Is API Security?
Why API security is important
Exploring API building blocks
Examining API data formats
Understanding the elements of API security
Setting API security goals
Summary
Further reading
3
Chapter 2: Understanding APIs
Chapter 2: Understanding APIs
Understanding HTTP fundamentals
Exploring the types of APIs
Access control
Using JWTs for claims and identity
Summary
Further reading
4
Chapter 3: Understanding Common API Vulnerabilities
Chapter 3: Understanding Common API Vulnerabilities
The importance of vulnerability classification
Exploring the Open Worldwide Application Security Project API Security Top 10
Vulnerabilities versus abuse cases
Business logic vulnerabilities
Preview of the Open Worldwide Application Security Project API Security Top 10 2023
Summary
Further reading
5
Chapter 4: Investigating Recent Breaches
Chapter 4: Investigating Recent Breaches
The importance of learning from mistakes
Examining 10 high-profile API breaches from 2022
Key takeaways and learning
Summary
Further reading
6
Part 2: Attacking APIs
Part 2: Attacking APIs
7
Chapter 5: Foundations of Attacking APIs
Chapter 5: Foundations of Attacking APIs
Technical requirements
Understanding API attackers and their methods
Mastering the tools of the trade
Learning the key skills of API attacking
Summary
Further reading
8
Chapter 6: Discovering APIs
Chapter 6: Discovering APIs
Technical requirements
Passive discovery
Active discovery
Implementation analysis
Summary
Further reading
9
Chapter 7: Attacking APIs
Chapter 7: Attacking APIs
Technical requirements
Authentication attacks
Authorization attacks
Data attacks
Injection attack
Other API attacks
Summary
Further reading
10
Part 3: Defending APIs
Part 3: Defending APIs
11
Chapter 8: Shift-Left for API Security
Chapter 8: Shift-Left for API Security
Technical requirements
Using the OpenAPI Specification
Leveraging the positive security model
Conducting threat modeling of APIs
Automating API security
Thinking like an attacker
Summary
Further reading
12
Chapter 9: Defending against Common Vulnerabilities
Chapter 9: Defending against Common Vulnerabilities
Technical requirements
Authentication vulnerabilities
Authorization vulnerabilities
Data vulnerabilities
Implementation vulnerabilities
Protecting against unrestricted resource consumption
Defending against API business-level attacks
Summary
Further reading
13
Chapter 10: Securing Your Frameworks and Languages
Chapter 10: Securing Your Frameworks and Languages
Technical requirements
Managing the design-first process in the real world
Using code-generation tools
Summary
Further reading
14
Chapter 11: Shield Right for APIs with Runtime Protection
Chapter 11: Shield Right for APIs with Runtime Protection
Technical requirements
Securing and hardening environments
Using WAFs
Using API gateways and API management
API monitoring and alerting
Selecting the correct protections for your APIs
Summary
Further reading
15
Chapter 12: Securing Microservices
Chapter 12: Securing Microservices
Technical requirements
Summary
Further reading
16
Chapter 13: Implementing an API Security Strategy
Chapter 13: Implementing an API Security Strategy
Ownership of API security
The 42Crunch maturity model
Planning your program
Running your program
Your personal API security journey
Summary
Further reading
17
Index
Index
Why subscribe?
18
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

Preface

In today’s hyper-connected digital world, APIs are ubiquitous in providing the connecting tissue between systems and services. The growth of APIs continues at an exponential pace, with almost every developer either responsible for creating APIs of their own or consuming APIs as part of their solution. Unfortunately, attackers have shifted their focus to attacking APIs first, and the alarming rise in API incidents and breaches is testimony to the challenges developers face in producing APIs that are secure and robust.

This book is intended to be the primary reference for developers wishing to build secure APIs, and for security teams wanting to get a grip on the unique challenges of securing APIs. The book has a strong practical focus, with extensive code samples and tooling and references to real-world API breaches. The first part covers the basics of APIs and security, including common API vulnerabilities.

As a defender, it is essential to understand the methods of your adversaries, and I will guide you through the common skills and techniques employed by attackers. This will equip you with the skills to thoroughly test your APIs for common API weaknesses and vulnerabilities. The book addresses the full spectrum of API security, from pre-emptive secure-by-design practices as part of a shift-left approach to state-of-the-art runtime protection as part of a shield-right approach.

Finally, I draw on my experience of building large-scale software security programs to provide you with insights and strategies to establish and then mature your own API security programs.

Join me on this exciting journey into the world of API security and ensure that your APIs are never a point of weakness for attackers.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY