REST API Security

Goals

- Learn about RESTful API architecture and design best practices

- Discover the threats to your APIs

- Discover the most frequent vulnerabilities

- Know how to identify the weak points of an API

- Know how to fix vulnerabilities and develop securely

Program

RESTful API: origin, definition and fundamental principles
Richardson Maturity Model
REST architecture constraints (HATEOAS, Semantic Web)

Naming conventions
Base URL
Media type management
Versioning strategies
Id property
Polymorphism
Date management
Resource associations
Presentation of standards

Workshop: overview of available standards

OpenAPI specification (Swagger)
Using Swagger Editor
Debugging and testing tools: Postman, SoapUI REST, Katalon Studio, …
RESTful API mocking with Sandbox
JSON data generator (JSON Generator)
Service generator (JSON Server)

Workshop: Design of an API with Swagger – Mocking – Use of Postman for tests.

Analysis of threats and their impact on the API
OWASP security standards, OWASP TOP 10
Authentication management: what about cookie-based authentication?
Cross-origin management (CORS)
CSRF (Cross-Site Request Forgery)
Anti-farming measures and rate limiting (throttling)
Permission management
Authentication with OAuth2
OpenID Connect
Canonicalization, escaping and sanitization
Protection against injection
Data management and cache poisoning
Countering ReDoS (regular expression denial of service)

Workshop: Using Websheep to study several API vulnerabilities (authentication / authorization).

JavaScript Object Signing and Encryption (JOSE)
JSON Web Tokens (JWT): principle and vulnerabilities

Workshop: Integration of JOSE or JWT in an API – vulnerability demonstration

What an API Management solution brings
Overview of solutions: Apigee, 3scale, IBM API Management, Akana, Kong Enterprise, Dell Boomi, Mashery

Workshop: Testing an API Management solution

Duration

3 days

Price

£1,893

Audience

Developers, web designers

Prerequisites

Knowledge of web development: JavaScript / HTTP / HTML

Reference

SIT100904-F

Sessions

Contact us for more information about session dates.