Defending APIs: Uncover advanced defense techniques to craft secure application programming interfaces

Defending APIs: Uncover advanced defense techniques to craft secure application programming interfaces book cover

Defending APIs: Uncover advanced defense techniques to craft secure application programming interfaces

Author(s): Colin Domoney (Author)

  • Publisher: Packt Publishing
  • Publication Date: 9 Feb. 2024
  • Language: English
  • Print length: 384 pages
  • ISBN-10: 1804617121
  • ISBN-13: 9781804617120

Book Description

Get up to speed with API security using this comprehensive guide full of best practices for building safer and secure APIs

Key Features

  • Develop a profound understanding of the inner workings of APIs with a sharp focus on security
  • Learn the tools and techniques employed by API security testers and hackers, establishing your own hacking laboratory
  • Master the art of building robust APIs with shift-left and shield-right approaches, spanning the API lifecycle
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Along with the exponential growth of API adoption comes a rise in security concerns about their implementation and inherent vulnerabilities. For those seeking comprehensive insights into building, deploying, and managing APIs as the first line of cyber defense, this book offers invaluable guidance. Written by a seasoned DevSecOps expert, Defending APIs addresses the imperative task of API security with innovative approaches and techniques designed to combat API-specific safety challenges.

The initial chapters are dedicated to API building blocks, hacking APIs by exploiting vulnerabilities, and case studies of recent breaches, while the subsequent sections of the book focus on building the skills necessary for securing APIs in real-world scenarios.

Guided by clear step-by-step instructions, you’ll explore offensive techniques for testing vulnerabilities, attacking, and exploiting APIs. Transitioning to defensive techniques, the book equips you with effective methods to guard against common attacks. There are plenty of case studies peppered throughout the book to help you apply the techniques you’re learning in practice, complemented by in-depth insights and a wealth of best practices for building better APIs from the ground up.

By the end of this book, you’ll have the expertise to develop secure APIs and test them against various cyber threats targeting APIs.

What you will learn

  • Explore the core elements of APIs and their collaborative role in API development
  • Understand the OWASP API Security Top 10, dissecting the root causes of API vulnerabilities
  • Obtain insights into high-profile API security breaches with practical examples and in-depth analysis
  • Use API attacking techniques adversaries use to attack APIs to enhance your defensive strategies
  • Employ shield-right security approaches such as API gateways and firewalls
  • Defend against common API vulnerabilities across several frameworks and languages, such as .NET, Python, and Java

Who this book is for

This book is for application security engineers, blue teamers, and security professionals looking forward to building an application security program targeting API security. For red teamers and pentesters, it provides insights into exploiting API vulnerabilities. API developers will benefit understanding, anticipating, and defending against potential threats and attacks on their APIs. While basic knowledge of software and security is required to understand the attack vectors and defensive techniques explained in the book, a thorough understanding of API security is all you need to get started.

Table of Contents

  1. What Is API Security?
  2. API Access Control
  3. Understanding Common API Vulnerabilities
  4. Case Studies of Recent Breaches
  5. Foundations of Attacking APIs
  6. Discovering APIs
  7. Attacking APIs
  8. Shift-Left for API Security
  9. Defending against Common Vulnerabilities
  10. Securing Your Frameworks and Languages
  11. Shield-Right for APIs with Runtime Protection
  12. Securing Microservices
  13. Implementing an API Security Strategy

Editorial Reviews

Review

“As someone who has dedicated a career to advocating for secure software design, I find Colin’s approach in this book particularly compelling. He bridges the gap between understanding the problem and implementing effective solutions, making this book a valuable resource for both security professionals and software developers alike.

Defending APIs is a journey through the complexities of API security, guided by a seasoned expert. Colin’s work here is not just informative; it’s inspiring, pushing us to think differently about how we protect this important glue that holds together our shared digital infrastructure.

In a time where digital security is paramount, this book serves as a beacon, guiding the way toward a more secure digital future. I highly recommend it to anyone who’s serious about understanding and implementing API security in their organization.”

Chris Wysopal, Veracode co-founder and CTO

“When we started 42Crunch, we had to convince people APIs were a new attack target and, more importantly, a different attack target. Architectures based on APIs are different and, as such, you need new ways to protect them. The traditional protection measures at the edge of the network and vulnerability detection via code analysis at the end of the development cycle simply won’t work and won’t scale for API-based applications.

Fast-forward five years and API security is now one of the hottest topics in IT, with every enterprise realizing they need to work diligently to secure their API development lifecycle.

Colin has helped numerous 42Crunch customers build a strategy toward developing rugged APIs and authored our API security maturity model. His experience, looking at the issue both from an attacker and defender perspective, is condensed into his book. Should you be a CISO building a new security program for APIs or a developer trying to understand how to build better, resilient APIs, this book is for you.

I wish you a great journey securing your APIs, with Defending APIs by your side!”

Isabelle Mauny, 42Crunch co-founder and CTO2)

About the Author

Colin Domoney (BSc. MSc. CSSLP, CEH) is an API Security Research Specialist and Developer Advocate with deep expertise in the development of secure software. As VP of AppSec, he took on the challenge of securing software on a large scale and running the global AppSec program at Deutsche Bank. At Veracode, as an evangelist, he produces countless webinars, and blog posts, and speak globally at conferences. Currently, he has embraced the challenge of securing APIs with 42Crunch where he has produced the API industry’s first security maturity model and contributed to numerous webinars, talks, and blogs. Currently, he is working on the industry’s first defensive API developer training course. He is also the curator of the APISecurity weekly newsletter.

View on Amazon

未经允许不得转载:Wow! eBook » Defending APIs: Uncover advanced defense techniques to craft secure application programming interfaces