Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Conventions used
• Get in touch
• Share Your Thoughts

1. Part 1: Foundations of API Security

2. Chapter 1: What Is API Security? FREE CHAPTER

• Why API security is important
• Exploring API building blocks
• Examining API data formats
• Understanding the elements of API security
• Setting API security goals
• Summary
• Further reading

3. Chapter 2: Understanding APIs

• Understanding HTTP fundamentals
• Exploring the types of APIs
• Access control
• Using JWTs for claims and identity
• Summary
• Further reading

4. Chapter 3: Understanding Common API Vulnerabilities

• The importance of vulnerability classification
• Exploring the Open Worldwide Application Security Project API Security Top 10
• Vulnerabilities versus abuse cases
• Business logic vulnerabilities
• Preview of the Open Worldwide Application Security Project API Security Top 10 2023
• Summary
• Further reading

5. Chapter 4: Investigating Recent Breaches

• The importance of learning from mistakes
• Examining 10 high-profile API breaches from 2022
• Key takeaways and learning
• Summary
• Further reading

6. Part 2: Attacking APIs

7. Chapter 5: Foundations of Attacking APIs

• Technical requirements
• Understanding API attackers and their methods
• Mastering the tools of the trade
• Learning the key skills of API attacking
• Summary
• Further reading

8. Chapter 6: Discovering APIs

• Technical requirements
• Passive discovery
• Active discovery
• Implementation analysis
• Summary
• Further reading

9. Chapter 7: Attacking APIs

• Technical requirements
• Authentication attacks
• Authorization attacks
• Data attacks
• Injection attack
• Other API attacks
• Summary
• Further reading

10. Part 3: Defending APIs

11. Chapter 8: Shift-Left for API Security

• Technical requirements
• Using the OpenAPI Specification
• Leveraging the positive security model
• Conducting threat modeling of APIs
• Automating API security
• Thinking like an attacker
• Summary
• Further reading

12. Chapter 9: Defending against Common Vulnerabilities

• Technical requirements
• Authentication vulnerabilities
• Authorization vulnerabilities
• Data vulnerabilities
• Implementation vulnerabilities
• Protecting against unrestricted resource consumption
• Defending against API business-level attacks
• Summary
• Further reading

13. Chapter 10: Securing Your Frameworks and Languages

• Technical requirements
• Managing the design-first process in the real world
• Using code-generation tools
• Summary
• Further reading

14. Chapter 11: Shield Right for APIs with Runtime Protection

• Technical requirements
• Securing and hardening environments
• Using WAFs
• Using API gateways and API management
• API monitoring and alerting
• Selecting the correct protections for your APIs
• Summary
• Further reading

15. Chapter 12: Securing Microservices

• Technical requirements
• Summary
• Further reading

16. Chapter 13: Implementing an API Security Strategy

• Ownership of API security
• The 42Crunch maturity model
• Planning your program
• Running your program
• Your personal API security journey
• Summary
• Further reading

17. Index

• Why subscribe?

18. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts
• Download a free PDF copy of this book