Defending APIs


Book Description

Get up to speed with API security using this comprehensive guide full of best practices for building safer and secure APIs Key Features Develop a profound understanding of the inner workings of APIs with a sharp focus on security Learn the tools and techniques employed by API security testers and hackers, establishing your own hacking laboratory Master the art of building robust APIs with shift-left and shield-right approaches, spanning the API lifecycle Purchase of the print or Kindle book includes a free PDF eBook Book DescriptionAlong with the exponential growth of API adoption comes a rise in security concerns about their implementation and inherent vulnerabilities. For those seeking comprehensive insights into building, deploying, and managing APIs as the first line of cyber defense, this book offers invaluable guidance. Written by a seasoned DevSecOps expert, Defending APIs addresses the imperative task of API security with innovative approaches and techniques designed to combat API-specific safety challenges. The initial chapters are dedicated to API building blocks, hacking APIs by exploiting vulnerabilities, and case studies of recent breaches, while the subsequent sections of the book focus on building the skills necessary for securing APIs in real-world scenarios. Guided by clear step-by-step instructions, you’ll explore offensive techniques for testing vulnerabilities, attacking, and exploiting APIs. Transitioning to defensive techniques, the book equips you with effective methods to guard against common attacks. There are plenty of case studies peppered throughout the book to help you apply the techniques you’re learning in practice, complemented by in-depth insights and a wealth of best practices for building better APIs from the ground up. By the end of this book, you’ll have the expertise to develop secure APIs and test them against various cyber threats targeting APIs.What you will learn Explore the core elements of APIs and their collaborative role in API development Understand the OWASP API Security Top 10, dissecting the root causes of API vulnerabilities Obtain insights into high-profile API security breaches with practical examples and in-depth analysis Use API attacking techniques adversaries use to attack APIs to enhance your defensive strategies Employ shield-right security approaches such as API gateways and firewalls Defend against common API vulnerabilities across several frameworks and languages, such as .NET, Python, and Java Who this book is for This book is for application security engineers, blue teamers, and security professionals looking forward to building an application security program targeting API security. For red teamers and pentesters, it provides insights into exploiting API vulnerabilities. API developers will benefit understanding, anticipating, and defending against potential threats and attacks on their APIs. While basic knowledge of software and security is required to understand the attack vectors and defensive techniques explained in the book, a thorough understanding of API security is all you need to get started.




Pentesting APIs


Book Description

Learn the essential steps to successfully identify and leverage API endpoints with a sequenced and structured approach Key Features Gain detailed insights into vulnerabilities and attack vectors for RESTful and GraphQL APIs Follow practical advice and best practices for securing APIs against potential threats Explore essential security topics, potential vulnerabilities, common attack vectors, and the overall API security landscape Purchase of the print or Kindle book includes a free PDF eBook Book DescriptionUnderstanding API security is crucial as APIs form the backbone of modern interconnected applications, making them prime targets for cyberattacks. Drawing on nearly 30 years of cybersecurity experience and an extensive background in network security and forensic analysis, this book provides the knowledge and tools to strengthen your API security practices and protect against cyber threats comprehensively. This book begins by establishing a foundational understanding of APIs, particularly focusing on REST and GraphQL, emphasizing their critical role and potential security vulnerabilities. It guides you through setting up a penetration testing environment to ensure the practical application of concepts. You’ll learn reconnaissance techniques, information-gathering strategies, and the discovery of API vulnerabilities. Authentication and authorization testing are thoroughly explored, covering mechanisms, weaknesses, and methods to bypass security controls. By comprehensively addressing these aspects, the book equips you to understand, identify, and mitigate risks, strengthening API security and effectively minimizing potential attack surfaces. By the end of this book, you’ll have developed practical skills to identify, exploit, and secure APIs against various vulnerabilities and attacks.What you will learn Get an introduction to APIs and their relationship with security Set up an effective pentesting lab for API intrusion Conduct API reconnaissance and information gathering in the discovery phase Execute basic attacks such as injection, exception handling, and DoS Perform advanced attacks, including data exposure and business logic abuse Benefit from expert security recommendations to protect APIs against attacks Who this book is for This book is for security engineers, particularly those focused on application security, as well as security analysts, application owners, web developers, pentesters, and all curious enthusiasts who want to learn about APIs, effective testing methods for their robustness, and how to protect them against cyber attacks. Basic knowledge of web development, familiarity with API concepts, and a foundational understanding of cybersecurity principles will help you get started with this book.




Ethical Password Cracking


Book Description

Investigate how password protection works and delve into popular cracking techniques for penetration testing and retrieving data Key Features Gain guidance for setting up a diverse password-cracking environment across multiple platforms Explore tools such as John the Ripper, Hashcat, and techniques like dictionary and brute force attacks for breaking passwords Discover real-world examples and scenarios to navigate password security challenges effectively Purchase of the print or Kindle book includes a free PDF eBook Book DescriptionWhether you’re looking to crack passwords as part of a thorough security audit or aiming to recover vital information, this book will equip you with the skills to accomplish your goals. Written by a cybersecurity expert with over fifteen years of experience in penetration testing, Ethical Password Cracking offers a thorough understanding of password protection and the correct approach to retrieving password-protected data. As you progress through the chapters, you first familiarize yourself with how credentials are stored, delving briefly into the math behind password cracking. Then, the book will take you through various tools and techniques to help you recover desired passwords before focusing on common cracking use cases, hash recovery, and cracking. Real-life examples will prompt you to explore brute-force versus dictionary-based approaches and teach you how to apply them to various types of credential storage. By the end of this book, you'll understand how passwords are protected and how to crack the most common credential types with ease.What you will learn Understand the concept of password cracking Discover how OSINT potentially identifies passwords from breaches Address how to crack common hash types effectively Identify, extract, and crack Windows and macOS password hashes Get up to speed with WPA/WPA2 architecture Explore popular password managers such as KeePass, LastPass, and 1Password Format hashes for Bitcoin, Litecoin, and Ethereum wallets, and crack them Who this book is for This book is for cybersecurity professionals, penetration testers, and ethical hackers looking to deepen their understanding of password security and enhance their capabilities in password cracking. You’ll need basic knowledge of file and folder management, the capability to install applications, and a fundamental understanding of both Linux and Windows to get started.




API Security in Action


Book Description

API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography. Summary A web API is an efficient way to communicate with an application or service. However, this convenience opens your systems to new security risks. API Security in Action gives you the skills to build strong, safe APIs you can confidently expose to the world. Inside, you’ll learn to construct secure and scalable REST APIs, deliver machine-to-machine interaction in a microservices architecture, and provide protection in resource-constrained IoT (Internet of Things) environments. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology APIs control data sharing in every service, server, data store, and web client. Modern data-centric designs—including microservices and cloud-native applications—demand a comprehensive, multi-layered approach to security for both private and public-facing APIs. About the book API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography. When you’re done, you’ll be able to create APIs that stand up to complex threat models and hostile environments. What's inside Authentication Authorization Audit logging Rate limiting Encryption About the reader For developers with experience building RESTful APIs. Examples are in Java. About the author Neil Madden has in-depth knowledge of applied cryptography, application security, and current API security technologies. He holds a Ph.D. in Computer Science. Table of Contents PART 1 - FOUNDATIONS 1 What is API security? 2 Secure API development 3 Securing the Natter API PART 2 - TOKEN-BASED AUTHENTICATION 4 Session cookie authentication 5 Modern token-based authentication 6 Self-contained tokens and JWTs PART 3 - AUTHORIZATION 7 OAuth2 and OpenID Connect 8 Identity-based access control 9 Capability-based security and macaroons PART 4 - MICROSERVICE APIs IN KUBERNETES 10 Microservice APIs in Kubernetes 11 Securing service-to-service APIs PART 5 - APIs FOR THE INTERNET OF THINGS 12 Securing IoT communications 13 Securing IoT APIs




Threat Hunting in the Cloud


Book Description

Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry leading MITRE ATT&CK framework, discussions of the most common threat vectors. You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation. With this book you'll learn: Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment Metrics available to assess threat hunting effectiveness regardless of an organization's size How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs) Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, lateral movement, defend against command & control systems, and prevent data exfiltration Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies Many critical components for successful adoption of multi-cloud threat hunting framework such as Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, Integration of Threat Hunting with Security Operation Centers (SOCs) and Cyber Fusion Centers The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices. Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.




Hacking APIs


Book Description

Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks. In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice: • Enumerating APIs users and endpoints using fuzzing techniques • Using Postman to discover an excessive data exposure vulnerability • Performing a JSON Web Token attack against an API authentication process • Combining multiple API attack techniques to perform a NoSQL injection • Attacking a GraphQL API to uncover a broken object level authorization vulnerability By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.




Beyond AI


Book Description

This book explores the transformative potential of ChatGPT, Web3, and their impact on productivity and various industries. It delves into Generative AI (GenAI) and its representative platform ChatGPT, their synergy with Web3, and how they can revolutionize business operations. It covers the potential impact surpassing prior industrial revolutions. After providing an overview of GenAI, ChatGPT, and Web3, it investigates business applications in various industries and areas, such as product management, finance, real estate, gaming, and government, highlighting value creation and operational revolution through their integration. It also explores their impact on content generation, customer service, personalization, and data analysis and examines how the technologies can enhance content quality, customer experiences, sales, revenue, and resource efficiency. Moreover, it addresses security, privacy, and ethics concerns, emphasizing the responsible implementation of ChatGPT and Web3. Written by experts in this field, this book is aimed at business leaders, entrepreneurs, students, investors, and professionals who are seeking insights into ChatGPT, ChatGPT Plug-in, GPT-based autonomous agents, and the integration of Gen AI and Web3 in business applications.




Attack and Defend Computer Security Set


Book Description

Defend your networks and data from attack with this unique two-book security set The Attack and Defend Computer Security Set is a two-book set comprised of the bestselling second edition of Web Application Hacker’s Handbook and Malware Analyst’s Cookbook. This special security bundle combines coverage of the two most crucial tactics used to defend networks, applications, and data from attack while giving security professionals insight into the underlying details of these attacks themselves. The Web Application Hacker's Handbook takes a broad look at web application security and exposes the steps a hacker can take to attack an application, while providing information on how the application can defend itself. Fully updated for the latest security trends and threats, this guide covers remoting frameworks, HTML5, and cross-domain integration techniques along with clickjacking, framebusting, HTTP parameter pollution, XML external entity injection, hybrid file attacks, and more. The Malware Analyst's Cookbook includes a book and DVD and is designed to enhance the analytical capabilities of anyone who works with malware. Whether you’re tracking a Trojan across networks, performing an in-depth binary analysis, or inspecting a machine for potential infections, the recipes in this book will help you go beyond the basic tools for tackling security challenges to cover how to extend your favorite tools or build your own from scratch using C, Python, and Perl source code. The companion DVD features all the files needed to work through the recipes in the book and to complete reverse-engineering challenges along the way. The Attack and Defend Computer Security Set gives your organization the security tools needed to sound the alarm and stand your ground against malicious threats lurking online.




Implementing Oracle API Platform Cloud Service


Book Description

Work with the newest Oracle API Platform Cloud Service to interface with the increasingly complex array of services your clients want. Key Features Understand the architecture and functionality of the new Oracle API Cloud Service Platform Understand typical use cases for the new platform and how it can work for you Design your own APIs, then deploy and customize your APIs Implement Oauth 2.0 policy and custom policies Migrate from Oracle 12c solutions to the new Oracle API platform Book Description Implementing Oracle API Platform Cloud Service moves from theory to practice using the newest Oracle API management platform. This critical new platform for Oracle developers allows you to interface the complex array of services your clients expect in the modern world. First, you'll learn about Oracle’s new platform and get an overview of it, then you'll see a use case showing the functionality and use of this new platform for Oracle customers. Next, you’ll see the power of Apiary and begin designing your own APIs. From there, you’ll build and run microservices and set up the Oracle API gateways. Moving on, you’ll discover how to customize the developer portal and publish your own APIs. You’ll spend time looking at configuration management on the new platform, and implementing the Oauth 2.0 policy, as well as custom policies. The latest finance modules from Oracle will be examined, with some of the third party alternatives in sight as well. This broad-scoped book completes your journey with a clear examination of how to transition APIs from Oracle API Management 12c to the new Oracle API Platform, so that you can step into the future confidently. What you will learn Get an overview of the Oracle API Cloud Service Platform See typical use cases of the Oracle API Cloud Service Platform Design your own APIs using Apiary Build and run microservices Set up API gateways with the new API platform from Oracle Customize developer portals Configuration management Implement Oauth 2.0 policies Implement custom policies Get a policy SDK overview Transition from Oracle API Management 12c to the new Oracle API platform Who this book is for This book is for all Oracle developers who are working or plan to work with the Oracle API Platform Cloud Service.




Ecology and Natural History of Tropical Bees


Book Description

Humans have been fascinated by bees for centuries. Bees display a wide spectrum of behaviours and ecological roles that have provided biologists with a vast amount of material for study. Among the types observed are both social and solitary bees, those that either pollinate or destroy flowers, and those that display traits allowing them to survive underwater. Others fly mainly at night, and some build their nests either in the ground or in the tallest rain forest trees. This highly acclaimed book summarises and interprets research from around the world on tropical bee diversity and draws together major themes in ecology, natural history and evolution. The numerous photographs and line illustrations, and the large reference section, qualify this book as a field guide and reference for workers in tropical and temperate research. The fascinating ecology and natural history of these bees will also provide absorbing reading for other ecologists and naturalists. This book was first published in 1989.