Testing API Security: A Wizard’s Guide
As recurring incidents over the past year have shown, web service APIs are a primary target for security attacks—and the consequences can be catastrophic for both API providers and end users. Stolen passwords, leaked credit card numbers, and revealed private messages and photos are just some of the headaches awaiting those who have been compromised. Ole Lensmar puts on his hacker-cloak to show how attackers break systems via web service APIs with fuzzing, session spoofing, injection attacks, cross-site scripting, and other methods. Learn how these attacks actually work on an API and how we can test an API to make sure it isn't vulnerable—without compromising the API at the same time. Find out the roles various security-related standards play and how they affect testing. Come and find out. You can’t afford not to.