Certified API Security Professional (CASP)
APIs now account for 80% of total Internet traffic, from the cloud to your fridge. While APIs bring new ways of developing and distributing applications, they also introduce new ways for malicious actors to attack enterprise systems.
Training Schedule
Features
Self-paced Learning Mode
Browser-based Lab Access
24/7 Instructor Support via Mattermost
Course Objective
The following are the course’s objectives.
- Identify, exploit, and protect against a wide variety of API security vulnerabilities.
- Gain a practical understanding of API Security and the tools for automation.
- Understand and implement the modern ways of scaling API Security Testing.
- Gain abilities to audit APIs for security measures and provide solutions.
- Understand, assess, and secure APIs written in different architecture styles.
- Learn new ways to secure APIs through automation and DevSecOps practices.
Course Agenda
Module 1: Introduction to API Security
- Introduction to Application Programming Interface
- Understanding API Architecture
- Strategies To Secure APIs
- API Defenses
- Hands-on Exercises
Module 2: API Security Tools of the Trade
- The Moving Parts in an API
- Critical Toolchain for API Development
- Containerization
- Ability To Talk to an API
- Hands-on Exercises
Module 3: Authentication Attacks and Defenses
- Overview of API Authentication
- Types of Authentication
- Authentication Attacks
- Authentication Defenses
- Hands-on Exercises
Module 4: Authorization Attacks and Defenses
- Overview of API Authorization
- Types of Authorization
- Authorization Attacks
- Authorization Defenses
- Authorizing with OAuth Framework
Module 5: Input Validation Threats and Defenses
- Introduction to Input Validation
- Injection Vulnerabilities
- Fuzzing
- Injection Defenses
Module 6: Other API Security Threats
- Introduction to OWASP API Top 10
- Attacking Caching Layers (Memcache, Proxies, etc.)
- Attacking GraphQL APIs
- Attacking SOAP APIs
- Abusing Microservices and REST APIs
- Post Exploitation in the API World
Module 7: Other API Security Defenses
- GraphQL API Security Best Practices
- SOAP API Security Best Practices
- REST API Security Best Practices
- Data Security
- Securing Data at Rest Using Encryption
- Securing Data in Transit Using TLS
- Rate Limiting Best Practices
- Security Headers
Module 8: Implementing API Security Mechanisms
- API Security Design Best Practices
- Authentication Implementation
- Authorization Implementation
- Rate-Limiting Implementation and Best Practices at Different Stages
- Securely Store Secrets Using Hashicorp Vault
- Data Security Implementation
- Using Transport Layer Security (TLS)
- Implementing Sufficient Logging & Monitoring
Module 9: API Security, the DevSecOps Way
- OWASP ASVS Framework
- Automated Vulnerability Discovery
- Finding Insecure Dependencies Using Software Component Analysis
- Finding Vulnerabilities in Code Using Static Application Security Testing
- Automating API Attacks Using Dynamic Application Security Testing
- Addressing API Security Issues at Scale
Exam & Certification
- After completing the course, you can schedule the CASP exam on your preferred date.
- The process of achieving Practical DevSecOps CASP Certification can be found on the exam and certification page.
FAQs
Are there any prerequisites for this course?
- Course participants should have a basic understanding of Linux commands and the OWASP Top 10.
- Basic knowledge of application development is preferred but is not necessary.
How do I take the exam?
TaUB Solutions will request the examinations together with your registration. The exam should be taken at the end of the course. Results are available within 5 working days.