API security in Node.js (ASINJS)


Course Overview

Your application written in Node works as intended, so you are done, right? But do your APIs behave well for incorrect values? 16 GB of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because these are the values the bad guys will feed in – and the list is far from complete.
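As an added illustration of the edge values listed above (this is example code written for this page, not course material), the following Node.js snippet validates a request body size, a "quantity" parameter and a username, and runs a constructed probe set through the validator. The function names, the limits MAX_BODY_BYTES and MAX_QUANTITY, and the probe list are this example's own assumptions.

```javascript
// Added example (not part of the course material): a Node.js API parameter
// validator exercised with the edge values listed above. The function names,
// limits and probe list are this example's own assumptions.

const MAX_BODY_BYTES = 1024 * 1024; // assumed 1 MiB limit for a JSON body
const MAX_QUANTITY = 10000;         // assumed business limit for "quantity"

// Reject oversized requests from the Content-Length header before the body is
// read or parsed, so a 16 GB upload never reaches JSON.parse.
function checkBodySize(contentLength) {
  if (contentLength === undefined || contentLength === null) {
    return { ok: false, reason: 'missing content-length' };
  }
  const n = Number(contentLength);
  if (!Number.isSafeInteger(n) || n < 0) return { ok: false, reason: 'bad content-length' };
  if (n > MAX_BODY_BYTES) return { ok: false, reason: 'payload too large' };
  return { ok: true, bytes: n };
}

// Parse a "quantity" parameter (query string or JSON field) into a safe
// positive integer. Everything that is not a short run of decimal digits is
// rejected up front, which covers null, "", "'", "-1", "-2147483648", "1e3",
// "0x10", " 1", 1.5, NaN and non-string/non-number types.
function parseQuantity(raw) {
  if (raw === null || raw === undefined) return { ok: false, reason: 'missing' };
  if (typeof raw !== 'string' && typeof raw !== 'number') return { ok: false, reason: 'wrong type' };
  const s = String(raw);
  if (!/^\d{1,6}$/.test(s)) return { ok: false, reason: 'not a positive decimal integer' };
  const n = Number(s);
  if (n < 1 || n > MAX_QUANTITY) return { ok: false, reason: 'out of range' };
  return { ok: true, value: n };
}

// Allowlist a username used in a lookup. Rejecting the apostrophe here is a
// defence-in-depth measure; the database call must still use bound parameters.
function parseUsername(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'wrong type' };
  if (!/^[A-Za-z0-9_]{1,32}$/.test(raw)) return { ok: false, reason: 'disallowed characters or length' };
  return { ok: true, value: raw };
}

// Constructed probe set mirroring the values named in the text.
const probes = [null, undefined, '', "'", "1'", '-1', '-2147483648', '2147483648',
  '1e3', '0x10', ' 1', '1.5', '0', '42', 1, -1, -(2 ** 31), NaN, {}, []];

// Run every probe through parseQuantity and return the values that were accepted.
function acceptedQuantities() {
  return probes.filter((p) => parseQuantity(p).ok).map((p) => parseQuantity(p).value);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const p of probes) console.log(JSON.stringify(p), '->', JSON.stringify(parseQuantity(p)));
  console.log('16 GiB body:', checkBodySize(16 * 1024 ** 3));
}
```

Only '42' and 1 survive the probe set; every other value, including -2^31 supplied as a number, is rejected before any business logic runs. The Content-Length check is deliberately separate from parsing: a size limit has to be enforced before bytes are buffered, not after.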

The course provides a comprehensive walkthrough of the OWASP API Security Top Ten, equipping developers, security professionals, and architects with the knowledge to identify, mitigate, and prevent the most critical security risks in modern API-driven applications. Each of the ten risks – including Broken Object, Property and Function Level Authorization (BOLA, BOPLA and BFLA), Unrestricted Resource Consumption, Unsafe Consumption of APIs, and more – is discussed in detail with real-world examples, hands-on labs, and mitigation strategies. Topics are covered in the context of classic APIs and REST APIs as well as GraphQL.
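To make the first item in that list concrete, here is an added example (written for this page, not taken from the course) of API1, Broken Object Level Authorization, in a Node.js handler: the vulnerable version next to the fixed one. The in-memory invoice store, the request shape ({ user, params }) and the function names are this example's own assumptions; no web framework is needed to run it.

```javascript
// Added example (not part of the course material): API1, Broken Object Level
// Authorization, as a vulnerable handler next to its fixed form. The in-memory
// store, the request shape ({ user, params }) and the function names are this
// example's own assumptions; no web framework is required.

// Constructed data: two invoices owned by two different users.
const invoices = new Map([
  [101, { id: 101, ownerId: 'alice', total: 120 }],
  [102, { id: 102, ownerId: 'bob', total: 950 }],
]);

// Vulnerable: the caller is authenticated (req.user is set by some earlier
// middleware) but the handler never checks that the requested object belongs
// to that caller, so any user can read any invoice by changing the id in the URL.
function getInvoiceVulnerable(req) {
  const inv = invoices.get(Number(req.params.id));
  if (!inv) return { status: 404 };
  return { status: 200, body: inv };
}

// Hardened: requires an authenticated principal, validates the id, then scopes
// the lookup to that principal. A foreign object is answered exactly like a
// missing one (404), so the endpoint cannot be used to enumerate which ids exist.
function getInvoiceHardened(req) {
  if (!req.user || typeof req.user.id !== 'string') return { status: 401 };
  const id = Number(req.params.id);
  if (!Number.isSafeInteger(id) || id <= 0) return { status: 400 };
  const inv = invoices.get(id);
  if (!inv || inv.ownerId !== req.user.id) return { status: 404 };
  return { status: 200, body: inv };
}

// Bob, authenticated as himself, asks for Alice's invoice by guessing the id.
const bobReadsAlice = { user: { id: 'bob' }, params: { id: '101' } };

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', getInvoiceVulnerable(bobReadsAlice));
  console.log('hardened:  ', getInvoiceHardened(bobReadsAlice));
}
```

The point of the fixed handler is that authentication alone proves who is calling, not what they may touch; the ownership comparison has to happen on every object access, and in a real service it belongs in the data-access layer (a query filtered by owner) rather than in each route.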

Beyond the Top Ten list, the course can also expand into further key security topics that are crucial for developers but often overlooked in API security, such as cryptography, integer overflows, and code quality.

Whether you are a beginner in API security or an experienced developer looking to sharpen your skills, this course offers valuable knowledge to build APIs that are not only functional and efficient but also secure and resilient.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Who should attend

API developers in JS and TS

Prerequisites

General JS/TS development

Course Objectives

  • Getting familiar with essential cyber security concepts
  • Understanding API security issues
  • Detailed analysis of the OWASP API Security Top Ten elements
  • Putting API security in the context of JS/TS
  • Going beyond the low-hanging fruit
  • Managing vulnerabilities in third-party components
  • Input validation approaches and principles

Course Content

  • Cyber security basics
  • OWASP API Security Top Ten
  • API1 - Broken Object Level Authorization
  • API2 - Broken Authentication
  • API3 - Broken Object Property Level Authorization
  • API4 - Unrestricted Resource Consumption
  • API5 - Broken Function Level Authorization
  • API6 - Unrestricted Access to Sensitive Business Flows
  • API7 - Server-Side Request Forgery
  • API8 - Security Misconfiguration
  • API9 - Improper Inventory Management
  • API10 - Unsafe Consumption of APIs
  • Wrap up

Prices & Delivery methods

Online Training
Modality: L

Duration 3 days

Price
  • on request
Classroom Training
Modality: C

Duration 3 days

Price
  • Eastern Europe: 2,250.— €

Currently there are no training dates scheduled for this course.