This is a hand-on practical concentrated course on securing and attacking web and cloud APIs. APIs are everywhere nowadays: In web apps, embedded systems, enterprise apps, cloud environments and even IoT, and it is becoming increasingly necessary to learn how to defend, secure and attack API implementation and infrastructure. This training aims to engage you in creating secure modern APIs, while showing you both new and old attack vectors.
Syllabus
Defending and attacking Web APIs (REST, GraphQL..etc)
Attacking and securing AWS APIs and infrastructure.
Launching and mitigating modern Injection attacks (SSTI, RCE, SQLi, NoSQLi, Deserialization & object injection)
Deploying practical cryptography.
Securing passwords and secrets in APIs.
API authentication and authorization.
Targeting and defending API architectures (Serverless, web services, web APIs)
Securing development environments.