What do I think of the API Security Fundamentals from APIsec University with Dan Barahona

Just finished the API Security Fundamentals course from APIsec University with Dan Barahona, and it was packed with solid insights. Coming from the hacking side, I usually focus on how to break things, but this course gave me a broader view of why APIs are such attractive targets and how attackers actually approach them.

My Thoughts

Dan breaks it down in a way that’s clear, real-world and easy to follow, even covering the OWASP API Top 10 with breach examples that make it all click. What really stood out to me was how APIs often fly under the radar when it comes to security, despite powering most of what we do online.

Highly recommend this course if you’re in red teaming, AppSec, or just curious about how to look at APIs with both a builder and breaker mindset. Or just if you like knowledge 🙂

Who Should Take This Course?

The API Security Fundamentals course is a great fit for anyone who works with APIs or is involved in securing them.

  • AppSec and security engineers
    looking to level up on API specific risks, beyond traditional web security.
  • Developers and DevOps engineers
    who build or deploy APIs and want to bake security into their workflows.
  • Penetration testers
    wanting a solid foundation in API specific attack vectors and OWASP API Top 10.
  • Tech leads and architects
    aiming to design more secure API systems and reduce business risk.
  • Anyone new to API security
    who wants a structured, beginner-friendly way to get started.

You don’t need to be a security expert; a basic understanding of APIs and how web apps work is enough to get value from the course.

Course Curriculum

  • Introduction
  • Why API Security
  • OWASP API Top 10 + Real-World Breaches
  • Introduction – OWASP API Security Top 10
  • OWASP API #1 – Broken Object Level Authorization
  • OWASP API #2 – Broken Authentication
  • OWASP API #3 – Broken Object Property Level Authorization
  • OWASP API #4 – Unrestricted Resource Consumption
  • OWASP API #5 – Broken Function Level Authorization
  • OWASP API #6 – Unrestricted Access to Sensitive Business Flows
  • OWASP API #7 – Server Side Request Forgery
  • OWASP API #8 – Security Misconfiguration
  • OWASP API #9 – Improper Inventory Management
  • OWASP API #10 – Unsafe Consumption of APIs
  • API Attack Analysis
  • Why API Security
  • Threat Modeling
  • Three Pillars of API Security
  • Governance
  • Monitoring
  • Testing
  • Application Security Technology Landscape
  • Best Practices for API Security
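To make the first item on that list concrete, here is an added example of what Broken Object Level Authorization (OWASP API #1) looks like in code. It is my own illustration, not material from the course or from APIsec University: a constructed in-memory order store and two versions of a "get order by id" handler, one that only authenticates the caller and one that also checks that the requested object belongs to them. The names (`Order`, `ORDERS`, `get_order_vulnerable`, `get_order_hardened`, `probe`) are assumptions made for the example.

```python
# Added example (not from the course): BOLA, OWASP API Security Top 10 #1.
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_id: int
    owner: str        # authenticated principal that owns this object
    total_cents: int


# Constructed sample data standing in for a database table.
ORDERS = {
    1001: Order(1001, "alice", 4999),
    1002: Order(1002, "bob", 12000),
}


class NotFound(Exception):
    """Raised when the caller may not see an object (or it does not exist)."""


def get_order_vulnerable(caller: str, order_id: int) -> Order:
    """GET /orders/<id> with BOLA.

    The caller is authenticated (we know who they are), but the handler never
    asks whether the object they requested belongs to them, so any valid id
    returns any user's order.
    """
    try:
        return ORDERS[order_id]
    except KeyError:
        raise NotFound(order_id)


def get_order_hardened(caller: str, order_id: int) -> Order:
    """Same endpoint with an object-level authorization check.

    After the lookup, compare the object's owner to the authenticated
    principal. Someone else's order is reported as NotFound rather than
    Forbidden so the endpoint does not confirm that the id exists, which
    keeps id enumeration from leaking information either way.
    """
    order = ORDERS.get(order_id)
    if order is None or order.owner != caller:
        raise NotFound(order_id)
    return order


def probe(handler, caller: str, ids) -> list:
    """Simulate the attacker technique: walk a range of ids as one user and
    record which ones the handler hands back."""
    leaked = []
    for order_id in ids:
        try:
            handler(caller, order_id)
            leaked.append(order_id)
        except NotFound:
            pass
    return leaked


if __name__ == "__main__":
    # alice enumerates ids 1000..1004 against both handlers.
    print("vulnerable:", probe(get_order_vulnerable, "alice", range(1000, 1005)))
    print("hardened:  ", probe(get_order_hardened, "alice", range(1000, 1005)))
```

The `probe` loop is the whole attack: sequential or guessable ids plus a missing ownership check. The fix is not to hide the ids but to make the check part of every object fetch, ideally in the data-access layer so no handler can forget it.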

That’s all!

Keep Hacking!

//Roger
