Academy

Know and learn more on API Security.

API Security

API security protects unauthorized access, data breaches, and attacks, ensuring safe communication between systems and services.

API Security 101

API Security Architecture

API Security Assessment

API Security Framework

Secure APIs

Secure APIs by using authentication, authorization, input validation, rate limiting, encryption, logging, threat detection, and continuous testing for vulnerabilities.

Secure an API

Secure an Endpoint

Secure All API Calls

Secure API without Authentication

Restful APIs

RESTful APIs are web services that use HTTP methods to perform operations on resources, following REST architecture principles for scalability and simplicity.

RESTful API Guidelines

RESTful API Best Practices

RESTful API URL Best Practices

RESTful API Design Best Practices

 

Best Practices

Best practices help organizations avoid becoming easy targets for hackers, breaches, damage to their reputation, and lead to legal or regulatory penalties.

API Best Practices

API Security Best Practices

API Protection Best Practices

REST API Security Best Practices

OpenAPI Standards and Best Practices

Security Glossary

A curated list of key terms, definitions, and concepts commonly used in the field of cybersecurity, focusing primarily on API Security.

API Sprawl

Business Logic Attack

Broken Object Level Authorization

Dynamic Application Security Testing

View More

API Testing

API security focuses on protecting APIs from unauthorized access, data breaches, and misuse, ensuring secure communication between services and systems.

API Security Testing

API Penetration Testing

API Vulnerability Testing

REST API Security Testing

Glossary

API Discovery
API Sprawl
API Endpoint
API Gateway
Account Takeover (ATO)
Blue Team
Bots
Bot Attack
Bot Management Tools
Broken Access Controls
Broken Authentication/Broken User Authentication (BUA)
Broken Function Level Authorization (BFLA)
Broken Object Level Authorization (BOLA)
Bug Bounty Program
Business Logic Attack
Click Fraud
Client-Side Attacks
Cloud-native Security
Coupon Scraping
Credential Abuse
Credential Stuffing
Cross-Site Scripting (XSS)
Cryptomining Malware
DAST
Data Breach
Data Exfiltration/Leakage
DDoS
Defense-in-Depth (DiD)
Device Fingerprinting
DevSecOps
Excessive Data Exposure
Gift Card Fraud
GraphQL
IAST
Improper Assets Management
Injection
Insecure Deserialization
Insecure Direct Object Reference (IDOR)
Insufficient Logging & Monitoring
Inventory Hoarding
Keystroke Loggers
Lack of Resources & Rate Limiting
Leaking API
Local File Inclusion (LFI)
Magecart
Mass Assignment
Next Generation WAF
Open Authorization (OAuth)
OWASP
OWASP Top 10
OWASP API Top 10
Penetration Testing
Personally Identifiable Information (PII)
Policy Decision Point (PDP)
Policy Enforcement Point (PEP)
Positive Security Model
Purple Team
RASP / Runtime Application Self Protection
Red Team
Remote Code Execution (RCE)
SAST
Secure SDLC
Security Misconfiguration
Sensitive Data Exposure
Shadow APIs
Software Composition Analysis (SCA)
Swagger
Taint Analysis
Threat Actor
Threat Landscape
Threat Modeling
WAAP / Web Application & API Protection
WAF / Web Application Firewall
Web Application Security
Web Scraping
WebSockets
Zero-day Attack
Certifications and Compliance Logo