API Security

Securing APIs end to end. JWT, OAuth 2.0, OpenID Connect, API keys, rate limiting, secrets management, CORS, and common API attack patterns and how to prevent them.

Fundamentals (Topics 1–9)
  • API Security Threat Model
  • Authentication vs Authorisation
  • API Keys
  • Basic Auth
  • Bearer Tokens
  • HTTPS/TLS for APIs
  • Rate Limiting Basics
  • CORS for APIs
  • Input Validation & Error Messages
Intermediate (Topics 10–18)
  • JWT Anatomy
  • JWT Signing (HS256 vs RS256)
  • JWT Vulnerabilities
  • Refresh Token Patterns
  • OAuth 2.0 Flows
  • OpenID Connect (OIDC)
  • API Key Rotation Strategies
  • RBAC & ABAC
  • Secrets Management
Advanced (Topics 19–27)
  • mTLS (Mutual TLS)
  • Zero Trust API Architecture
  • GraphQL Attacks
  • gRPC Security
  • WebSocket Authentication
  • API Gateway Security Patterns
  • Token Binding
  • Certificate Pinning
  • BOLA/BFLA (OWASP API Top 10)
Production (Topics 28–35)
  • API Security Scanning
  • Runtime Protection (WAAP)
  • API Inventory & Documentation
  • DDoS & Bot Protection
  • Secrets Rotation Automation
  • Security Testing in CI
  • Compliance for APIs
  • Security Monitoring