Mastering with EssentialAPI Security learning resources

Concepts that you should learn to excel in API Security

Sanjeev Jaiswal (Jassi)
3 min readOct 18, 2024
Excel API Security with these learning resources

APIs are the backbone of modern applications, enabling seamless integration and data exchange across platforms. Whether you’re starting your API journey or looking to enhance your API security skills, I’ve curated a list of essential resources for API fundamentals and API security practices. Check them out below!

These are learning resources; however, for practical experience, you have to get your hands dirty. You can use any OWASP API security labs. I have learned using APISEC University, AppsecEngineer and Attack Defense Labs

Remember, you need to invest in yourself. Be it your health or skills.

API Fundamentals learning resources:

  1. API Integration in details
  2. API Testing Guide
  3. Python API Tutorial
  4. API Scaling
  5. API workflow with Postman
  6. API Testing using Postman
  7. API Security Tutorial by Wallarm
  8. API Explained for product managers
  9. A linter for API documentation: Vale

API Security Learning resources

  1. OWASP Top 10 API explained by Salt Security
  2. Free resources to practice for OWASP Top 10 API by Contra Security
  3. Paid lab from attack defense on API Security
  4. API Hacking 101 by traceable.ai
  5. API Security Challenges by Traceable AI
  6. The evolution to cloud-native applications and APIs
  7. Web Application security is not API security
  8. Deep Dive on BoLA by Inon Shkedy
  9. The 6 Most Common Security Issues in API Development and How to Fix Them
  10. API Security Best Practices
  11. OWASP API Security Top 10 Cheat Sheet
  12. Securing Your APIs with OAuth 2.0
  13. How to Secure an API with OAuth 2.0 from Digital Ocean
  14. Securing Your GraphQL APIs
  15. Secure your APIs with these ten best practices
  16. API security best practices from checkmarx
  17. Secure your APIs with these seven basic rules
  18. API security best practices white paper from Akamai
  19. Five HTTP security headers you must use for API security
  20. API security best practices for developers
  21. API Security Academy

API Security Tools

  1. Dastardly from Burp suite (free): Use it in CI/CD pipeline
  2. API Security Audit from 42 crunch for bitbucket pipeline:
  3. Wallarm Advanced API Security Platform
  4. Google Apigee Sense
  5. Traceable: Intelligent API Security at Enterprise Scale
  6. Levo: Continous API Security Assurance
  7. Beagle Security
  8. Salt Security
  9. Cequence
  10. Neosec: now part of Akamai

Books

  1. API Security in Action
  2. Hacking APIs: Breaking Web Application Programming Interfaces
  3. Web Application Security
  4. Advanced API Security

Videos

  1. API Security: Everything you need to know to protect your APIs
  2. The 2022Guide to API Security
  3. Analysing the OWASP API Security Top 10 for Pen Testers

Courses

  1. API Security Fundamentals form APISec University (free)
  2. API Penetration Testing Course from APISec University (free)
  3. API Security on Google Cloud’s Apigee API Platform
  4. API Fundamentals from Qualys for (free)
  5. Introduction to the OWASP API Security Top 10 — Cybrary (free)
  6. Building Secure APIs with OAuth 2.0 from Pluralsight
  7. Building Secure APIs with GraphQL from Pluralsight

Certifications

  1. CSSLP
  2. API Security Architect Certification
  3. Certified API Security Professional

Interview Questions

Possible API Security interview questions are shared at different GitHub repos to keep them aligned with the career roadmap guide.

Bonus study material

👨‍🎓 Also, if you want to excel in API Security, You should check this API security study plan on Github: https://github.com/jassics/security-study-plan/blob/main/api-security-study-plan.md

In the ever-evolving landscape of APIs, staying updated is critical. Explore these resources and stay ahead in securing your APIs!

It was first published in AlienCoders

Follow me for more security-related content:

  1. Linkedin
  2. Youtube
  3. Twitter

--

--

Sanjeev Jaiswal (Jassi)
Sanjeev Jaiswal (Jassi)

Written by Sanjeev Jaiswal (Jassi)

Cloud Security, Application Security, DevSecOps, Python, Author, Trainer. I also provide career guidance to freshers and professionals in cybersecurity space.

No responses yet