OWASP Top 10 API Security Risks - 2023
- 1 - Introduction
  - 1 - Introduction
  - 2 - Who is this course for
  - 3 - What Will You Learn In This Course
  - 4 - APIs in digital age
  - 5 - Why API Security matters
- 2 - Fundamental Principles of Application Security
  - 1 - CIA, AA
  - 2 - RBAC and ABAC
- 3 - OWASP
  - 1 - Introduction to OWASP
  - 2 - OWASP API Top 10 2019 vs 2023
- 4 - A Vulnerable Application for Demos - Online Bookstore
  - 1 - Vulnerable Book Store Tour
- 5 - API1:2023 - Broken Object Level Authorization
  - 1 - API1:2023 - Broken Object Level Authorization
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
  - 4 - Practical Demo - BOLA Exploitation
- 6 - API2:2023
  - 1 - API2:2023 - Broken Authentication
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
  - 4 - Practical Demo - Authentication Exploitation
- 7 - API3:2023
  - 1 - API3:2023 - Broken Object Property Level Authorization
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
  - 4 - Practical Demo
- 8 - API4:2023
  - 1 - API4:2023 - Unrestricted Resource Consumption
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
- 9 - API5:2023
  - 1 - API5:2023 - Broken Function Level Authorization
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
- 10 - API6:2023
  - 1 - API6:2023 - Unrestricted Access to Sensitive Business Flows
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
- 11 - API7:2023
  - 1 - API7:2023 - Server Side Request Forgery (SSRF)
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
- 12 - API8:2023
  - 1 - API8:2023 - Security Misconfiguration
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
- 13 - API9:2023
  - 1 - API9:2023 - Improper Inventory Management
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
- 14 - API10:2023
  - 1 - API10:2023 - Unsafe Consumption of APIs
  - 2 - Real-World Impact
  - 3 - Mitigation Strategies
- 15 - Summary and Best Practices
  - 1 - API Security Best Practices