
Certificate Authentication

API Security Architecture Certificate for SILVIU VLASCEANU

Certificate ID: 777159
Authentication Code: 4997b
Certified Person Name: SILVIU VLASCEANU
Trainer Name: Ahmed Yossef
Duration Days: 3
Duration Hours: 21
Course Name: API Security Architecture
Course Date: 11 September 2024 10:00 to 13 September 2024 17:00
Course Outline: 

Module 1: Introduction to API Security
• What is API Security?
• Importance of API Security in Modern Applications
• API Security vs Web Application Security
• Overview of Common API Attacks
• Types of APIs (REST, SOAP, GraphQL, etc.)
Module 2: API Security Principles
• Principle of Least Privilege
• Secure API Design and Implementation
• Authentication and Authorization Best Practices
• Data Encryption in Transit and at Rest
• Rate Limiting and Throttling
• Secure API Gateways and WAFs
Module 3: OWASP API Top 10
• Overview of OWASP API Top 10 (2023)
– API1: Broken Object Level Authorization (BOLA)
– API2: Broken Authentication
– API3: Excessive Data Exposure
– API4: Lack of Resources & Rate Limiting
– API5: Broken Function Level Authorization
– API6: Mass Assignment
– API7: Security Misconfiguration
– API8: Injection
– API9: Improper Assets Management
– API10: Insufficient Logging & Monitoring
• Mitigation Strategies for Each Vulnerability
• Real-World Case Studies of OWASP API Security Failures
Module 4: Securing API Sessions
• Session Management in APIs
• Stateless vs Stateful API Sessions
• API Session Hijacking and Mitigations
• Secure Token Storage: In-Memory vs Local Storage vs Cookies
• Timeout Strategies for API Sessions
Module 5: JSON Web Token (JWT) Usage in API Security
• Introduction to JWT
• Anatomy of JWT (Header, Payload, Signature)
• Advantages of Using JWT for API Authentication
• JWT Best Practices (e.g., Short-Lived Tokens, Token Rotation)
• Signing and Verifying JWTs (HS256, RS256, etc.)
• Security Considerations for JWT (e.g., Avoid Storing Sensitive Data, Using Secure Algorithms)
• Handling JWT Expiration and Renewal
Module 6: API Security Tools and Techniques
• API Security Testing Tools
– OWASP ZAP
– Burp Suite
– Postman for Security Testing
• Automating API Security Testing
• Continuous API Security in CI/CD Pipelines
• API Security Monitoring and Threat Detection
Module 7: Case Studies and Hands-on Labs
• Hands-on Labs:
– Implementing Secure JWT Authentication
– API Security Testing with OWASP ZAP
– Mitigating OWASP API Top 10 Vulnerabilities in a Sample API
• Case Studies:
– Real-World API Breaches and Lessons Learned
– Best Practices from Leading Organizations