OWASP 2023 API Security Training Course

Our hands-on instructor-led OWASP 2023 API Security training course is aimed at developers who need to understand and gain practical experience mitigating the key current vulnerabilities.

Standard duration: 2 Days
Email course link

Customise this course for your team

We can tailor your syllabus to take into account your group's current skills, technology stack, and specific learning goals - as part of a wider training programme or as a standalone workshop.

Enquire now to find out about our cost-effective options:

"We particularly enjoyed Stuart's anecdotes and stories which gave context to the topics discussed."

PCI DSS 4.0.1 Training Course - Secure Software Development
RT, Developer
JATO

"I felt I learned a lot in short period. Real-world experience from the instructor was a major plus. Many thanks!"

PCI DSS 4.0.1 Training Course - Secure Software Development
DV, Developer
JATO

"Some really useful things to think on - real life examples really helped put the content in context."

Web App Security and OWASP 2021 Training Course
KC, Lead Software Developer
UK consultancy (risk, pensions, investment and insurance) - name withheld

"I liked the exercises. It makes it easier to understand what you have learnt"

Web App Security and OWASP 2021 Training Course
Anon, Software Engineer
Ometria

"The course had a good pace and the trainer was able to keep the content interesting."

Web App Security and OWASP 2021 Training Course
JP, Business Analyst
Jato

About the course:

Our OWASP 2023 API Security training course is aimed at developers who need to understand the key current vulnerabilities presenting a constant threat to Application Programming Interface (APIs).

Through hands-on exercises and instructor-led demonstrations and discussion, you'll explore the OWASP Top Ten API Vulnerabilities.

These vulnerabilities largely affect cross-platform web technologies, and as such our course can be suitable for anyone involved in web development. Our hands-on exercises and code demonstrations are delivered with examples of JavaScript, SQL and other common exploits.

If you have a specific set of learning goals or project requirements, we can tailor the course for on-site delivery and focus for instance on your tech stack (e.g. JavaScript, .NET, Java, PHP, Scala et al).

We're happy to offer our API Security and OWASP 2023 training online; in-person at our London training centre, or at your location of choice. Please get in touch to find out about flexible options to suit your team.

Trusted by:

In a nutshell Who should attend Flexible training Course Syllabus

Learning outcomes

Explore and enforce a Secure Development Lifecycle
Identify and mitigate OWASP Top 10 API Vulnerabilities
Further steps to reduce the risk of consuming and exposing APIs

Who should attend

Web Developers, Testers, Software Architects, Development Managers, Technical QA Managers

Prerequisites

Experience of data-driven web development in a language such as Java, C#, VB.NET, PHP. Knowledge of JavaScript would also be useful.

Live, instructor-led online and on-site training

We appreciate that you need flexibility to fit in with new working situations - whether you're an individual, part of a distributed team, or simply have projects and deadlines to meet.

Our remote training can take place online in a virtual classroom, with content split into modules to accommodate your scheduling challenges and meet your learning goals. Get in touch today to find out how we can help design a cost-effective, flexible training solution.

Introduction to API Security

What is API Security and why is it so important?
What does it mean to *your* business?

SDL in depth

Analysing security and privacy risk
Attack surface analysis
Threat Modelling
Identifying the right tools
Enforcing banned functions
Static analysis
Dynamic / Fuzz Testing
Response Plan
Final Security Review

Hands-on with the OWASP Top 10 API Security Risks

API1:2023 - Broken Object Level Authorization
API2:2023 - Broken Authentication
API3:2023 - Broken Object Property Level Authorization
API4:2023 - Unrestricted Resource Consumption
API5:2023 - Broken Function Level Authorization
API6:2023 - Unrestricted Access to Sensitive Business Flows
API7:2023 - Server Side Request Forgery
API8:2023 - Security Misconfiguration
API9:2023 - Improper Inventory Management
API10:2023 - Unsafe Consumption of APIs

Beyond OWASP

Data Protection Mechanisms (crypto and more)
Fuzz testing and other tools
Click jacking
Response Splitting
CWE/SANS Top 25 Most Dangerous Software Errors
Exploiting authentication
Language issues
Data devaluation
Tokenisation solutions
Auditing and Logging Solutions

Summary

Applying what you’ve learnt in the real world.
Understanding the business impact of insecure software.

Public Courses Dates and Rates

Standard duration: 2 Days

Please get in touch for pricing and availability.

Interested in this course?

If you want to explore how you can tailor this course for your organisation, want to sign up for our newsletter, or have any other questions then please speak to us on 020 3137 3920 or get in touch using this form.

This form requires javaScript to work, please email us at webenquiries@frameworktraining.co.uk if you do not have it enabled.

First Name*

Last Name*

Email*

Phone Number*

Company*

Subject/Tech*

Your message*

Where did you first hear about us?

Get in touch

We use cookies on our website to provide you with the best user experience. If you're happy with this please continue to use the site as normal.
For more information please see our Privacy Policy.

I understand

Ready to take your skills to the next level?