101 - Introduction to REST API Security

Why this course?

Your APIs are the gateway to your business. If they’re poorly built, you don’t need hackers - you’ll break yourself.

Every day, thousands of companies expose their sensitive data through misconfigured APIs. Endpoints without authentication, responses that reveal too much information, non-existent validations… The result? Data leaks, loss of customer trust, and million-dollar fines.

This course is designed by Dani García, lead engineer for 5 years at 42Crunch, the UK’s leading API security company. Here you won’t find abstract theory: you’ll learn what works in the real world, with practical examples and real cases.

In just 1 hour, you’ll have a solid foundation to start protecting your APIs from today.

What you’ll learn

• REST API security fundamentals: Essential concepts every developer should know
• OWASP API Security Top 10: The most critical vulnerabilities and how to avoid them
• Authentication and authorization: Best practices to protect access to your endpoints
• WAF and perimeter protection: How to add additional layers of security
• Input validation: Techniques to sanitize data and prevent injections
• Secure error handling: What to reveal and what to hide in your responses
• Rate limiting and throttling: Protect your API against abuse and brute force attacks
• Development best practices: Secure patterns you can apply immediately

Curriculum

Module 1: General Concepts (5 videos)

• Course introduction
• Introduction to API security
• The disaster: What happened?
• API Governance
• REST API Hacking

Module 2: Protection Measures (2 videos)

• Traditional WAFs
• New WAFs for APIs

Module 3: Best Practices (1 video)

• The challenge of specifications

Module 4: Additional Resources

• Downloadable slides

Module 5: Exam and Certificate

• Final test with certificate

Who is this for?

• Backend developers working with REST APIs who want to learn security from scratch
• Junior and mid-level programmers who need solid security fundamentals
• CTOs and tech leads who want to ensure their team follows best practices
• DevOps who need to understand vulnerabilities to protect infrastructure
• QA engineers who want to include security testing in their processes

Prerequisites

• Basic knowledge of what a REST API is
• Familiarity with HTTP concepts (methods, headers, status codes)
• Desire to learn and improve your application security

No prior security experience needed. This course is designed for beginners.

What’s included

• Over 1 hour of video in high quality
• 1 downloadable resource with complementary material
• Access on mobile app and TV to learn wherever you want
• Lifetime access with no expiration
• Certificate of completion upon finishing the course
• Free updates when new content is added