Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
API Security for White Hat Hackers

You're reading from   API Security for White Hat Hackers Uncover offensive defense strategies and get up to speed with secure API implementation

Arrow left icon
Product type Paperback
Published in Jun 2024
Publisher Packt
ISBN-13 9781800560802
Length 418 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Confidence Staveley Confidence Staveley
Author Profile Icon Confidence Staveley
Confidence Staveley
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Part 1: Understanding API Security Fundamentals FREE CHAPTER
2. Chapter 1: Introduction to API Architecture and Security 3. Chapter 2: The Evolving API Threat Landscape and Security Considerations 4. Chapter 3: OWASP API Security Top 10 Explained 5. Part 2: Offensive API Hacking
6. Chapter 4: API Attack Strategies and Tactics 7. Chapter 5: Exploiting API Vulnerabilities 8. Chapter 6: Bypassing API Authentication and Authorization Controls 9. Chapter 7: Attacking API Input Validation and Encryption Techniques 10. Part 3: Advanced Techniques for API Security Testing and Exploitation
11. Chapter 8: API Vulnerability Assessment and Penetration Testing 12. Chapter 9: Advanced API Testing: Approaches, Tools, and Frameworks 13. Chapter 10: Using Evasion Techniques 14. Part 4: API Security for Technical Management Professionals
15. Chapter 11: Best Practices for Secure API Design and Implementation 16. Chapter 12: Challenges and Considerations for API Security in Large Enterprises 17. Chapter 13: Implementing Effective API Governance and Risk Management Initiatives 18. Index 19. Other Books You May Enjoy

Exploring the API Security Top 10

To help you better understand and remember the OWASP API Security Top 10 2023 list, we’ll group them into four groups: problems with authorization and authentication, abuse of resources and requests, problems with configuration and management, and integration and risks from third parties:

Figure 3.1 – Mapping OWASP API Top 10 2023 risks to core categories

Figure 3.1 – Mapping OWASP API Top 10 2023 risks to core categories

This broad categorization allows us to zoom out to see the broad risks associated with security APIs. Now, let’s discuss each risk.

OWASP API 1 – Broken Object Level Authorization

Imagine that you live in an apartment building where everyone has a mailbox with a key. You can normally only open your mailbox using your key. However, one day, you realize that your key can unlock not just your mailbox, but also the mailbox of your neighbor, the mailbox of the person three floors above, and so on. In this scenario, let’s switch the...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image