The Fundamentals of API Security


A four-part video series aimed at helping you understand how APIs can be attacked and protected.

Working as a Developer Advocate @ Akamai Technologies has allowed me to see the rise of microservices and APIs in the industry up close. The companies I consulted and collaborated with, which had shifted their traditional web stacks over to a microservices architecture, started running into similar security risks and the same question: how best to protect their APIs?

Drawing on everything that I have learned over roughly 5 years of working with APIs and how to secure them, last year I created a 4-part video series, which I am resurfacing because API microservices and securing them have never been more topical.

Each of these videos is roughly 7 to 10 minutes in length, and over an hour you will see the fundamentals of API security in action, with examples, real-life use cases and demos of how APIs get attacked.

Video 1: Understanding the Fundamentals of API Security

Video 2: Protecting your infrastructure from attacks

Video 3: API Manipulation and Injection attacks in action

Video 4: The best way to manage your APIs

There are a ton of different ways APIs can get attacked, and many before me have named, tagged and categorized them, especially OWASP. The Open Web Application Security Project released the API Security Top 10 in 2019, listing the most common API threats.

OWASP will be launching a brand new API Security Top 10 in 2023, which I look forward to. I will be comparing the old and the new list and diving deeper into these API security topics throughout the year.

Of course, outside of actual API attacks, your API microservices architecture might still be dependent on web applications or DevOps tooling, and there are dedicated OWASP lists for those as well:

OWASP Top 10 Web Application Risks

OWASP Top 10 CI/CD Risks

If API Security is an important topic for you to stay up to date on or if you have any questions on API Security, feel free to reach out to me on social media. You can find me on LinkedIn or follow me on Hashnode.