Goals
- Learn about RESTful API architecture and design best practices
- Discover the threats to your APIs
- Discover the most frequent vulnerabilities
- Know how to identify the weak points of an API
- Know how to correct vulnerabilities and develop in a secure manner
Program
RESTful API: origin, definition and fundamental principles
Richardson Maturity Model
REST architectural constraints (HATEOAS, Semantic Web)
Naming conventions
Base URL
Media type handling
Versioning types
Id property
Polymorphism
Date handling
Resource associations
Presentation of standards
Workshop: overview of available standards
OpenAPI specification (Swagger)
Using Swagger Editor
Debugging and testing tools: Postman, SoapUI REST, Katalon Studio, …
RESTful API mocking with Sandbox
JSON data generator (JSON Generator)
Service generator (JSON Server)
Workshop: designing an API with Swagger, mocking it, and testing it with Postman
Analysis of threats and their impact on the API
OWASP security standards (Top 10)
Authentication management: what about cookie-based authentication?
Cross-origin (CORS) management
CSRF (Cross-Site Request Forgery)
Anti-farming (bot abuse) and rate limiting (throttling)
Permission management
Authentication with OAuth2
OpenID Connect
Canonicalization, escaping and sanitization
Protection against injection
Cache data management and cache poisoning
Countering ReDoS (regular expression denial of service)
Workshop: using Websheep to study several API vulnerabilities (authentication / authorization)
JavaScript Object Signing and Encryption (JOSE)
JSON Web Tokens (JWT): principle and vulnerabilities
Workshop: integrating JOSE / JWT into an API, with a vulnerability demonstration
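The JWT items above name the principle and its vulnerabilities without showing them; the following added example (written for this page, not course material or code from any project named here) mints an HS256 token and verifies it the way a practitioner should: the verifier pins the expected algorithm instead of trusting the token's own `alg` header, compares the signature in constant time, and enforces `exp`. The secret key, claims and timestamps are constructed inline for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    # JWT uses unpadded base64url (RFC 7515 §2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _compact_json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def sign_jwt(claims: dict, key: bytes) -> str:
    """Mint a JWS compact-serialized token using HMAC-SHA256 (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(_compact_json(header)) + "." + _b64url(_compact_json(claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, key: bytes, now=None) -> dict:
    """Verify an HS256 token and return its claims, or raise ValueError.

    The algorithm is pinned on the verifier side: a token whose header says
    "none" or any other alg is rejected before the signature is even looked at.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected = hmac.new(key, (h_b64 + "." + p_b64).encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    now = int(time.time()) if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def check_jwt(token: str, key: bytes, now=None):
    """Convenience wrapper: (True, claims) on success, (False, reason) otherwise."""
    try:
        return True, verify_jwt(token, key, now)
    except ValueError as exc:
        return False, str(exc)


def forged_none_token(claims: dict) -> str:
    """Build an unsigned token with alg=none, as an attacker would when probing
    a verifier that trusts the header. Constructed for the demonstration only."""
    header = {"alg": "none", "typ": "JWT"}
    return _b64url(_compact_json(header)) + "." + _b64url(_compact_json(claims)) + "."


if __name__ == "__main__":
    key = b"example-secret-for-illustration"          # constructed sample key
    token = sign_jwt({"sub": "alice", "role": "user", "exp": 2000000000}, key)
    print("valid token:", check_jwt(token, key, now=1700000000))
    print("wrong key:  ", check_jwt(token, b"other-key", now=1700000000))
    print("expired:    ", check_jwt(token, key, now=2000000000))
    print("alg=none:   ", check_jwt(forged_none_token({"sub": "alice", "role": "admin"}), key))
```

The `alg=none` token above is accepted by any verifier that reads the algorithm from the header and skips signature checking for `none`; pinning the algorithm server-side, as `verify_jwt` does, is the correction the "principle and vulnerabilities" item points at.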
What an API Management solution brings
Overview of solutions: Apigee, 3scale, IBM API Management, Akana, Kong Enterprise, Dell Boomi, Mashery
Workshop: testing an API Management solution
Duration
3 days
Price
£ 1893
Audience
Developers, web designers
Prerequisites
Knowledge of web development: JavaScript / HTTP / HTML
Reference
SIT100904-F
Sessions
Contact us for more information about session dates