• Online, Self-Paced
Course Description

APIs now account for 80% of total Internet traffic, from the cloud to your fridge. While APIs bring new ways of developing and distributing applications, they also introduce new ways for malicious actors to attack enterprise systems.

In this course, you will learn how to identify security issues in your APIs, mitigate them with the proper security measures, and design your APIs for maximum efficiency and minimum exposure to risk. You will reinforce your learning using theoretical lectures, demos, quizzes, and secure design practices with realistic case studies and 40+ hands-on exercises.

You will start the course with API basics, core components of API architecture, and ways to interact with APIs. Once you learn the fundamentals, you will gain hands-on experience with a series of realistic attack scenarios like Server-Side Request Forgery, Broken Authentication, Broken Access Control issues, Injection attacks, Privilege Escalation, and Security Misconfigurations.

Developers, architects, and security professionals tasked with designing and building secure APIs will benefit immensely from this course. It gives professionals deep knowledge of API security: adopting modern security practices and automation to secure APIs with appropriate techniques, catching security issues before they become critical, and alerting relevant engineers in real time.

The course also prepares you for the Practical DevSecOps Certified API Security Professional (CASP), a vendor-neutral certification program designed to assess an IT professional's API security expertise.

Learning Objectives

1. Identify, exploit, and protect against a wide variety of API security vulnerabilities.

2. Gain a practical understanding of API Security and the tools for automation.

3. Understand and implement the modern ways of scaling API Security Testing.

4. Gain abilities to audit APIs for security measures and provide solutions.

5. Understand, assess, and secure APIs written in different architecture styles.

6. Learn new ways to secure APIs through automation and DevSecOps practices.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.