OWASP-API-Sec-Top-10

Course Introduction

The objective of this course is to help students become API security professionals and to be able to identify and reduce API-related security risks. OWASP API Security Top Ten and Beyond! is meant to help improve the skills of bug bounty hunters, developers, penetration testers, organizational leadership, and anyone else interested in learning about API security.

Course Objectives:

• Introduce OWASP, the API Security Project, and the changes from the OWASP API Security 2019 to 2023.

• Prepare students to pass the Certified API Security Analyst (CASA) exam.

• Develop a strong foundation in the following API security risks:

• Broken Object Level Authorization (API1:2023)

• Broken Authentication (API2:2023)

• Broken Object Property Level Authorization (API3:2023)

• Unrestricted Resource Consumption (API4:2023)

• Broken Function Level Authorization (API5:2023)

• Unrestricted Access to Sensitive Business Flows (API6:2023)

• Server Side Request Forgery (API7:2023)

• Security Misconfiguration (API8:2023)

• Improper Inventory Management (API9:2023)

• Unsafe Consumption of APIs (API10:2023)

• Help secure the APIs of the Internet and prevent API-related data breaches.

• Prepare students with additional resources for continued learning and growth in API security.