API security in C# (ASIC)

 

Course Overview

Your application written in C# works as intended, so you are done, right? But do your APIs behave well for incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because these are the values the bad guys will feed in – and the list is far from complete.

The course provides a comprehensive walkthrough of the OWASP API Security Top Ten, equipping developers, security professionals, and architects with the knowledge to identify, mitigate, and prevent the most critical security risks in modern API-driven applications. Each of the ten risks – including Broken Object, Property and Function Level Authorization (BOLA, BOPLA and BFLA), Unrestricted Resource Consumption, Unsafe Consumption of APIs, and more – is discussed in detail with real-world examples, hands-on labs, and mitigation strategies. Topics are discussed in the context of classic APIs, REST APIs, and GraphQL.

Beyond the top ten list, the course can also expand into further key security topics that are crucial for developers but often overlooked in API security, such as cryptography, integer overflows, and code quality.

Whether you are a beginner in API security or an experienced developer looking to sharpen your skills, this course offers valuable knowledge to build APIs that are not only functional and efficient but also secure and resilient.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Who should attend

C# API developers

Prerequisites

General C# development

Course Objectives

  • Getting familiar with essential cyber security concepts
  • Understanding API security issues
  • Detailed analysis of the OWASP API Security Top Ten elements
  • Putting API security in the context of C#
  • Going beyond the low-hanging fruit
  • Managing vulnerabilities in third-party components
  • Input validation approaches and principles

Course Content

  • Cyber security basics
  • OWASP API Security Top Ten
  • API1 - Broken Object Level Authorization
  • API2 - Broken Authentication
  • API3 - Broken Object Property Level Authorization
  • API4 - Unrestricted Resource Consumption
  • API5 - Broken Function Level Authorization
  • API6 - Unrestricted Access to Sensitive Business Flows
  • API7 - Server Side Request Forgery
  • API8 - Security Misconfiguration
  • API9 - Improper Inventory Management
  • API10 - Unsafe Consumption of APIs
  • Wrap up

Prices & Delivery methods

Online Training

Duration
3 days

Price
  • 2,250.— € (excl. tax)
    2,677.50 € (incl. 19% tax)

Classroom Training

Duration
3 days

Price
  • Germany:
    2,250.— € (excl. tax)
    2,677.50 € (incl. 19% tax)

Currently there are no training dates scheduled for this course.