Preface
In today’s hyper-connected digital world, APIs are ubiquitous, providing the connective tissue between systems and services. The growth of APIs continues at an exponential pace, with almost every developer either responsible for creating APIs of their own or for consuming APIs as part of their solution. Unfortunately, attackers have shifted their focus to attacking APIs first, and the alarming rise in API incidents and breaches is testimony to the challenges developers face in producing APIs that are secure and robust.
This book is intended to be the primary reference for developers wishing to build secure APIs, and for security teams wanting to get a grip on the unique challenges of securing APIs. The book has a strong practical focus, with extensive code samples and tooling, and references to real-world API breaches. The first part covers the basics of APIs and security, including common API vulnerabilities.
As a defender, it is essential to understand the methods of your adversaries, and I will guide you through the common skills and techniques employed by attackers. This will equip you with the skills to thoroughly test your APIs for common API weaknesses and vulnerabilities. The book addresses the full spectrum of API security, from pre-emptive secure-by-design practices as part of a shift-left approach to state-of-the-art runtime protection as part of a shield-right approach.
Finally, I draw on my experience of building large-scale software security programs to provide you with insights and strategies to establish and then mature your own API security programs.
Join me on this exciting journey into the world of API security and ensure that your APIs are never a point of weakness for attackers.