Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Conventions used
• Get in touch
• Share Your Thoughts

1. Part 1: Understanding API Security Fundamentals FREE CHAPTER

2. Chapter 1: Introduction to API Architecture and Security

• Understanding APIs and their role in modern applications
• An overview of API security
• The basic components of API architecture and communication protocols
• Types of APIs and their benefits
• Common communication protocols and security considerations
• Summary
• Further reading

3. Chapter 2: The Evolving API Threat Landscape and Security Considerations

• A historical perspective on API security risks
• The modern API threat landscape
• Emerging trends in API security
• Lesson from a real-life API data breach
• Summary
• Further reading

4. Chapter 3: OWASP API Security Top 10 Explained

• OWASP and the API Security Top 10 – A timeline
• Exploring the API Security Top 10
• Summary
• Further reading

5. Part 2: Offensive API Hacking

6. Chapter 4: API Attack Strategies and Tactics

• Technical requirements
• API security testing – The essential toolset breakdown
• Overviewing and setting up Kali Linux on a virtual machine
• Using Burp Suite and proxy settings
• Summary
• Further reading

7. Chapter 5: Exploiting API Vulnerabilities

• Technical requirements
• Understanding API attack vectors
• Fuzzing and injection attacks on APIs
• Exploiting authentication and authorization vulnerabilities in APIs
• Summary

8. Chapter 6: Bypassing API Authentication and Authorization Controls

• Technical requirement
• Introduction to API authentication and authorization controls
• Bypassing user authentication controls
• Bypassing token-based authentication controls
• Bypassing API key authentication controls
• Bypassing role-based and attribute-based access controls
• Real-world examples of API circumvention attacks
• Summary
• Further reading

9. Chapter 7: Attacking API Input Validation and Encryption Techniques

• Technical requirements
• Understanding API input validation controls
• Techniques for bypassing input validation controls in APIs
• Introduction to API encryption and decryption mechanisms
• Techniques for evading API encryption and decryption mechanisms
• Case studies – Real-world examples of API encryption attacks
• Summary
• Further reading

10. Part 3: Advanced Techniques for API Security Testing and Exploitation

11. Chapter 8: API Vulnerability Assessment and Penetration Testing

• Understanding the need for API vulnerability assessment
• API reconnaissance and footprinting
• API scanning and enumeration
• API exploitation and post-exploitation techniques
• API vulnerability reporting and mitigation
• Summary
• Further reading

12. Chapter 9: Advanced API Testing: Approaches, Tools, and Frameworks

• Technical requirements
• Automated API testing with AI
• Large-scale API testing with parallel requests
• Advanced API scraping techniques
• Advanced fuzzing techniques for API testing
• API testing frameworks
• Summary
• Further reading

13. Chapter 10: Using Evasion Techniques

• Technical requirements
• Obfuscation techniques in APIs
• Injection techniques for evasion
• Using encoding and encryption to evade detection
• Steganography in APIs
• Polymorphism in APIs
• Detection and prevention of evasion techniques in APIs
• Summary
• Further reading

14. Part 4: API Security for Technical Management Professionals

15. Chapter 11: Best Practices for Secure API Design and Implementation

• Technical requirements
• Relevance of secure API design and implementation
• Designing secure APIs
• Implementing secure APIs
• Secure API maintenance
• Summary
• Further reading

16. Chapter 12: Challenges and Considerations for API Security in Large Enterprises

• Technical requirements
• Managing security across diverse API landscapes
• Balancing security and usability
• Protecting legacy APIs
• Developing secure APIs for third-party integration
• Security monitoring and IR for APIs
• Summary
• Further reading

17. Chapter 13: Implementing Effective API Governance and Risk Management Initiatives

• Understanding API governance and risk management
• Establishing a robust API security policy
• Conducting effective risk assessments for APIs
• Compliance frameworks for API security
• API security audits and reviews
• Summary
• Further reading

18. Index

• Why subscribe?

19. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts
• Download a free PDF copy of this book