Bulletproof APIs: Hands-On API Security
Live training, available as a 1-day essentials workshop or a 2-day advanced workshop.
APIs are everywhere in tech, and their security is crucial. The latest OWASP API Security Top 10 underscores the importance of getting API security right: not just in the code you write, but in understanding the nuances of each class of weakness and making sound trade-offs.
This workshop gives you the skills to secure your APIs. It covers the principles of building robust, modern APIs and provides practical, actionable security advice that you can apply to your applications immediately.
1-day Essentials outline
- The security model of API-based web applications
- Recognizing and addressing authorization failures
- Fixing Broken Object Level Authorization (BOLA)
- Understanding Broken Object Property Level Authorization (BOPLA)
- Testing the security of APIs that use JWTs
- Best practices for making JWTs secure in modern APIs
- Finding and fixing Server-Side Request Forgery (SSRF)
- Hands-on labs throughout the day
2-day Advanced outline
- All of the content from day 1
- Architecture patterns for tracking authentication state in API-based applications
- Securing session-based and token-based user authentication
- The mechanics behind Cross-Origin Resource Sharing (CORS)
- Configuring secure CORS policies for various use cases
- Relying on OAuth 2.0 for securing APIs
- OAuth 2.0 scenarios for complex architectures
- Hands-on labs throughout the day
Pricing Information
In-house workshops
In-house workshops are available on-site or online, depending on your preference. In-house training is offered at a fixed price per day, independent of the size of the group. Depending on current promotions, the cost per attendee per day ranges from EUR 200 to 233 for a group of 30 people. Details about pricing and availability can be requested by contacting Philippe at philippe@pragmaticwebsecurity.com.
Public online workshops
For individuals or small groups, joining a live online edition of this training is more cost-efficient than hosting an in-house training. The live online training offers the same immersive, hands-on experience. The next training is scheduled for December 5th - 6th, 2024.
If you have any further questions, don't hesitate to reach out to philippe@pragmaticwebsecurity.com.
What to expect?
The recording below should give you a good idea of Philippe's presenting style. This particular video is from the Devoxx conference in October 2023, where Philippe presents essential API security concepts to an audience of approximately 600 people.
The testimonials below illustrate how attendees experience Philippe's trainings.
Trainer is great and an expert in the domain. All of the topics are very relevant. Practical examples for most of the topics. Excellent communication and addressing of questions.
Even though the topic is broad, there was no single moment where my focus went astray. Philippe talks in a way that keeps you interested in listening to him.
Great workshop! The instructor was very well-prepared and gave an amazingly insightful explanation on API security. The mix of interactive quizzes (Kahoot) and challenges kept us engaged throughout the day.
Philippe is a friendly and knowledgeable trainer and delivered an interesting course that was well presented. Questions were answered promptly and in a detailed way.
Your trainer, Dr. Philippe De Ryck
Philippe De Ryck holds a Ph.D. in web security from KU Leuven and is renowned for making complex security topics accessible and engaging. As the founder of Pragmatic Web Security, he delivers expert security training and consulting, consistently earning rave reviews from participants globally. He also contributes to the OAuth 2.0 specifications as a co-author of the best practices for browser-based apps, and he is recognized as a Google Developer Expert for his contributions in the field of web application and API security.