Concepts that you should learn to excel in API Security

APIs are the backbone of modern applications, enabling seamless integration and data exchange across platforms. Whether you’re starting your API journey or looking to enhance your API security skills, I’ve curated a list of essential resources for API fundamentals and API security practices. Check them out below!

These are learning resources; however, for practical experience, you have to get your hands dirty. You can use any OWASP API security labs. I have learned using APISEC University, AppsecEngineer and Attack Defense Labs

Remember, you need to invest in yourself. Be it your health or skills.

API Fundamentals learning resources:

1. API Integration in details
2. API Testing Guide
3. Python API Tutorial
4. API Scaling
5. API workflow with Postman
6. API Testing using Postman
7. API Security Tutorial by Wallarm
8. API Explained for product managers
9. A linter for API documentation: Vale

API Security Learning resources

1. OWASP Top 10 API explained by Salt Security
2. Free resources to practice for OWASP Top 10 API by Contra Security
3. Paid lab from attack defense on API Security
4. API Hacking 101 by traceable.ai
5. API Security Challenges by Traceable AI
6. The evolution to cloud-native applications and APIs
7. Web Application security is not API security
8. Deep Dive on BoLA by Inon Shkedy
9. The 6 Most Common Security Issues in API Development and How to Fix Them
10. API Security Best Practices 
11. OWASP API Security Top 10 Cheat Sheet
12. Securing Your APIs with OAuth 2.0
13. How to Secure an API with OAuth 2.0 from Digital Ocean
14. Securing Your GraphQL APIs 
15. Secure your APIs with these ten best practices
16. API security best practices from checkmarx
17. Secure your APIs with these seven basic rules
18. API security best practices white paper from Akamai
19. Five HTTP security headers you must use for API security
20. API security best practices for developers
21. API Security Academy

API Security Tools

1. Dastardly form Burp suite (free): Use it in CI/CD pipeline
2. API Security Audit from 42 crunch for bitbucket pipeline:
3. Wallarm Advanced API Security Platform
4. Google Apigee Sense
5. Traceable: Intelligent API Security at Enterprise Scale
6. Levo: Continous API Security Assurance
7. Beagle Security
8. Salt Security
9. Cequence
10. Neosec: now part of Akamai

Books

1. API Security in Action
2. Hacking APIs: Breaking Web Application Programming Interfaces
3. Web Application Security
4. Advanced API Security

Videos

1. API Security: Everythign you need to know to protect your APIs
2. The 2022Guide to API Security
3. Analysing the OWASP API Security Top 10 for Pen Testers

Courses

1. API Security Fundamentals form APISec University (free)
2. API Penetration Testing Course from APISec University (free)
3. API Security on Google Cloud’s Apigee API Platform
4. API Fundamentals from Qualys for (free)
5. Introduction to the OWASP API Security Top 10 – Cybrary (free)
6. Building Secure APIs with OAuth 2.0 from Pluralsight
7. Building Secure APIs with GraphQL from Pluralsight

Certifications

1. CSSLP
2. API Security Architect Certification
3. Certified API Security Professional

Interview Questions

Possible API Security interview questions are shared at different GitHub repos to keep them aligned with the career roadmap guide.

Bonus study material

👨‍🎓 Also, if you want to excel in API Security, You should check this API security study plan on Github: https://github.com/jassics/security-study-plan/blob/main/api-security-study-plan.md

In the ever-evolving landscape of APIs, staying updated is critical. Explore these resources and stay ahead in securing your APIs! 🛡️