OWASP Seguridad API Top 10 2021 + 2023 con Ejemplos en Java

Course Overview

• Course Title: OWASP Seguridad API Top 10 2021 + 2023 con Ejemplos en Java
• Instructor: Andrii Piatakha
• Target Audience:
  • Developers
  • Security professionals
  • DevOps engineers
  • Software architects
  • Individuals interested in API security
• Prerequisites:
  • Basic knowledge of APIs and web development
  • Familiarity with HTTP methods, request/response structure, and RESTful APIs
  • Willingness to learn and apply secure coding practices
  • No prior cybersecurity experience required, but beneficial

Curriculum Highlights

• Key Topics Covered:
  • Detailed analysis of OWASP API Security Top 10 vulnerabilities (2021 & 2023)
  • Identifying and mitigating security risks in API development
  • Implementing best practices in authentication, authorization, and data protection
  • Protecting APIs against common attacks such as injection, data leakage, and insecure configurations
  • Understanding API security fundamentals and their importance in modern applications
  • Applying Zero Trust principles in API protection
  • Secure implementation of OAuth 2.0, OpenID Connect, and JWT
  • Detecting and mitigating vulnerabilities like Broken Authentication and Broken Access Control
  • Configuring security headers and CORS policies correctly
  • Protecting APIs against DDoS attacks and resource exhaustion
  • Using security scanning tools like OWASP ZAP and Burp Suite
  • Implementing security logging and monitoring to detect threats in real-time
  • Ensuring data integrity with hashing and encryption techniques
  • Designing secure API architectures with DevSecOps and secure CI/CD
• Key Skills Learned:
  • API security vulnerability analysis
  • Risk identification and mitigation in API development
  • Secure coding practices
  • Authentication and authorization best practices
  • API protection techniques
  • Zero Trust principles
  • Secure implementation of OAuth 2.0, OpenID Connect, and JWT
  • Vulnerability detection and mitigation
  • Security header and CORS policy configuration
  • DDoS protection
  • Use of security scanning tools
  • Security logging and monitoring
  • Data integrity techniques
  • Secure API architecture design with DevSecOps and CI/CD

Course Format

• Duration: 12.5 hours on-demand video
• Format: Self-paced online course
• Resources:
  • 2 articles
  • Access on mobile and TV
  • Certificate of completion