Java - API Security

Learn about code vulnerability, why it happens, and how to eliminate it

Select a tutorial and start sharpening your skills!

This is a free version.

Broken Object-Level Authorization

Broken Object Level Authorization (BOLA) is the most common and most severe API vulnerability. It holds 1st place in the OWASP Top 10 API Security Vulnerabilities list. If a company has an API, it could be vulnerable to BOLA. Play and Learn...

5-8 MIN

Broken Function-Level Authorization

Broken Function Level Authorization (BFLA) is one of the most common API vulnerabilities. It allows attackers to access unauthorized functionality (and administrative functions, in particular). Play and Learn...

5-8 MIN

Available in Full Version only

Introduction to API Security

Modern software developers use APIs a lot. APIs are an essential part of microservices, single-page and mobile applications, IoT devices, business-to-business communication, etc. Increased API use broadens the attack surface, giving an attacker more opportunities to mount a successful attack. Play and Learn...

5-8 MIN

Available in Full Version only

Authentication in APIs

The terms “authentication” and “authorization” are often used interchangeably and incorrectly. Even seasoned developers and specification authors sometimes misuse them. A clear understanding of each term and the processes behind them is essential for understanding API security. Play and Learn...

5-8 MIN

Available in Full Version only

Separating Authentication

Secure authentication design is one of the most crucial aspects of API security. Although this may seem obvious, it is often unclear to developers what it means in practice and what they should do to ensure that the authentication mechanisms in their APIs are implemented securely. Play and Learn...

5-8 MIN

Available in Full Version only

Authorization in APIs

The terms “authentication” and “authorization” are often used interchangeably and incorrectly. Even seasoned developers and specification authors sometimes misuse them. A clear understanding of each term and the processes behind them is essential for understanding API security. Play and Learn...

5-8 MIN

Available in Full Version only

Brute Force Attacks

A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. The attacker systematically submits many different username/password combinations until the correct one is found. Play and Learn...

5-8 MIN

Available in Full Version only

Authentication Credentials In URL

Sensitive data, such as personally identifiable information, may appear as query string parameters in the URL and may be stored by systems the API communicates with (logs, proxies, browser history, referrer headers). Attackers can reach the exposed sensitive data and exploit it for their own benefit. Want to know how to prevent these kinds of attacks? Play and Learn...

5-8 MIN
