This workshop supports content from SEC522: Application Security: Securing Web Applications, APIs, and Microservices
Modern distributed applications heavily implement and depend on APIs. often used like traditional libraries or local software components and share some of the same supply chain risks, they are likely to be exposed to third parties, making them that much more vulnerable.
In this lab, you will gain practical, hands-on experience to better understand common attacks and explore effective defense strategies that you can begin to implement right away.
Each monthly workshop in the series is independent of the others. There are no technical or educational dependencies from one to the others.
Who Should Attend
This workshop is ideal for any cloud security professionals or developers who want to deepen their understanding of API security fundamentals and gain hands-on experience in defending against real-world API attacks.
Learning Objectives
- Grasp API Security Fundamentals
- Understand the intricacies of REST API
- Identify and mitigate API Access Control Flaws, including BOLA/BFLA
- Implement JWT tokens within OAuth securely
- Hack and defend JWT tokens effectively
- Detect and prevent SSRF attacks
Scroll down for system requirements.
