We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Zero Trust APIs with Python

Formal Metadata

Title
Zero Trust APIs with Python
Title of Series
Number of Parts
131
Author
Contributors
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
What does it take to deliver a properly secured API? When we think about API security, we first think of authentication and authorization. But there’s more to it. API security also includes protecting against SQL Injection attacks, Mass Assignment, Excessive Data Exposure, Server-Side Request Forgery (SSRS), and more. APIs are now the main attack vector on the Internet, and we gotta do something about it. Thankfully, Python boasts excellent libraries for API development, like FastAPI, the Django REST Framework, APIFlask, and more. When used properly, these libraries help us deliver secure APIs. In this talk, I’ll present a model of Zero Trust Security for APIs that applies robust data validation and sanitization across all data flows to help us deliver secure APIs. You’ll learn how your API design and implementation choices impact API security and how to discover and tackle vulnerabilities. We’ll walk through practical examples of SQL injection, mass assignment, big payload attacks, pagination attacks, and more. We’ll see how URL parameters and request payloads can become attack vectors when they’re not properly configured. You’ll also learn how to use tools like schemathesis and Spectral to automate and scale the process of detecting vulnerabilities in your APIs. By the end of this talk, you’ll be aware of the most important threats to our APIs and you’ll know how to discover and address them effectively. You’ll also get familiar with the concepts of API Security by Design, Shift-Left API Security, and Zero Trust APIs.