This is the code repository for Defending APIs, published by Packt.

Uncover advanced defense techniques to craft secure application programming interfaces

Embark on an API security journey, from understanding API inner workings to exploiting vulnerabilities. This book will teach you how to attack APIs, defend by building robust APIs using secure development techniques, and ensure runtime protection.

This book covers the following exciting features:

• Explore the core elements of APIs and their collaborative role in API development
• Understand the OWASP API Security Top 10, dissecting the root causes of API vulnerabilities
• Obtain insights into high-profile API security breaches with practical examples and in-depth analysis
• Use API attacking techniques adversaries use to attack APIs to enhance your defensive strategies
• Employ shield-right security approaches such as API gateways and firewalls
• Defend against common API vulnerabilities across several frameworks and languages, such as .NET, Python, and Java

If you feel this book is for you, get your copy today!

All of the code is organized into folders. For example, Chapter02.

The code will look like the following:

<note>
	<to>Colin</to>
	<priority>High</priority>
	<heading>Reminder</heading>
	<body>Learn about API security</body>
</note>

Following is what you need for this book: This book is for application security engineers, blue teamers, and security professionals looking forward to building an application security program targeting API security. For red teamers and pentesters, it provides insights into exploiting API vulnerabilities. API developers will benefit understanding, anticipating, and defending against potential threats and attacks on their APIs. While basic knowledge of software and security is required to understand the attack vectors and defensive techniques explained in the book, a thorough understanding of API security is all you need to get started.

With the following software and hardware list you can run all code files present in the book (Chapter 1-13).

• Attacking and Exploiting Modern Web Applications [Packt] [Amazon]

• Practical Threat Detection Engineering [Packt] [Amazon]

Colin Domoney (BSc. MSc. CSSLP, CEH) is an API Security Research Specialist and Developer Advocate with deep expertise in the development of secure software. As VP of AppSec, he took on the challenge of securing software on a large scale and running the global AppSec program at Deutsche Bank. At Veracode, as an evangelist, he produces countless webinars, and blog posts, and speak globally at conferences. Currently, he has embraced the challenge of securing APIs with 42Crunch where he has produced the API industry’s first security maturity model and contributed to numerous webinars, talks, and blogs. Currently, he is working on the industry’s first defensive API developer training course. He is also the curator of the APISecurity weekly newsletter.