Workshop API security testing
Did you know that, as of 2023, 83% of all internet traffic originates from API calls? APIs have significantly changed how we design and develop applications.
As a result, APIs have become a very important attack vector for people with malicious intent. So, you probably want to make sure that your APIs are secure!
But how do you get started investigating the security of your APIs? Isn’t security testing something that requires deep technical knowledge and highly specific expertise?
Well, that doesn’t have to be the case. In fact, getting started with API security testing mostly requires some healthy curiosity, a bit of creative thinking and some guidelines to help you on your way.
In this workshop, you’ll learn about some of the most common API security vulnerabilities and how to investigate whether your APIs are falling victim to them. You’ll see how you can use popular API testing tools to perform valuable security experiments on your APIs and how to interpret and discuss the results with your team and other stakeholders.
Workshop outline
This workshop covers the following topics:
- The importance of testing the security of your APIs
- Tools that can help you get started
- Hands-on: experimenting with invalid and potentially malicious input
- Introduction to the OWASP API security top 10
- Hands-on: exploring an API for OWASP API top 10 vulnerabilities
- Interpreting and communicating API security testing results
- Where to start if you want to go deeper
Intended audience and prerequisite knowledge
This course is aimed at software testers and developers that want to learn more about testing the security of their APIs.
Some prior knowledge of APIs, HTTP and REST is beneficial. I am confident, however, that even without this you will find this workshop to be very useful.
Delivery and group size
This workshop is a great fit both for an on site or an online in house training session, as well as a half or full day conference tutorial. I recommend a maximum group size of around 15-20 people.
Duration
This workshop typically takes 3-4 hours, but can be extended to a full-day tutorial.
Interested?
If you would like to book me to teach this workshop in your organization or at your conference, or if you have any additional questions, please send an email to bas@ontestautomation.com or use the contact form on this page.
For an overview of all training courses and workshops I have on offer, please visit the main training page.