Building secure APIs and microservices is hard, really hard. Not only do you have to make the right architectural security decisions, you also have to be aware of various implementation vulnerabilities to ensure the security of your applications. Common failures result in authentication bypasses, data extraction, or full system compromise.
In this training, you will learn how to build secure APIs. Using a mix between lectures and hands-on exercises, we learn about different security approaches and their trade-offs. Throughout the training, we build up a set of best practices that allow you to analyse and improve the security of your own applications.
Concretely, we will cover the following topics in this hands-on training:
Who should attend?
This security training specifically targets API developers. Anyone involved in building APIs for mobile or Single Page Applications, or managing development teams should be here. This training course is not just any training course. It is packed with in-depth and up-to-date content. We do not merely brush over a threat and defense but focus on the underlying cause and consequences. Why do we have this problem? Which mitigations are often used? Why are some ineffective? Which one is the current best practice? These are the questions that will be answered throughout the training.
To participate in this training, you should have development experience with web applications and APIs. Familiarity with the basics of security is helpful, but not required. The training will include NodeJS and Spring examples, but is just as relevant for other frameworks and technologies.
To participate in the lab sessions, participants need a computer with a full-featured modern browser installed (E.g., Chrome, Firefox).