OWASP top 10 - API Security training

Open any newspaper or news app and you will be confronted with ominous news titles exposing the many software risks; digital hazards that organizations face on a daily basis. Data leaks, phishing, and ransomware attacks, caused by poor shielding, bugs, poor security, negligence, indifference or even ignorance. This means that security has become increasingly important in recent years. As a developer, you have to keep up, stay up-to-date, if you want to prevent yourself or your organization from becoming the next victim of one of the many risk factors.

To make developers and other stakeholders more aware of and to arm themselves against these risks, we have developed this training in which we highlight the most common security risks. And in particular, API Security strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs).

These most common risks have been identified by the Open Web Application Security Project in the OWASP top 10 and the API Security Top 10. We teach you, among other things, how you can apply the OWASP and API Security top 10 in your software development and ensure that the risks are being minimized.

The OWASP top 10 and the API Security top 10 represent a broad consensus on the most critical security risks for web applications. There is a lot of overlap between the two and we combine the topics to offer you the most relevant, up-to-date training. We cover: 

• Broken Object Level Authorization
• Broken Access Control
• Excessive Data Exposure
• Lack of Resources & Rate Limiting
• Mass Assignment
• Security Misconfiguration
• Injection
• Insecure Design
• Improper Assets Management
• Vulnerable and Outdated Components
• Security Logging and Monitoring Failures
• Software and Data Integrity Failures
• Server-Side Request Forgery

Knowing and using the OWASP risks is perhaps the most effective first step to improve the software development processes and culture within your organization. In this training, we will therefore work hands-on with these topics.

We combine theoretical explanation with practical application. The vulnerabilities from the OWASP top 10 are explained in detail, after which you get to work hands-on in small groups, under the guidance of our trainers. We use a modern application in which we actively look for vulnerabilities. After each assignment, we discuss what has been found, what the cause is, and how we can solve this.

The training takes 1 whole day and takes place online via Microsoft Teams.

The training is given by one of our most experienced consultants and the Security Officer of YieldDD: Gerben van de Wiel. In addition, you may have seen him in one of our Betatalks.

The training is suitable for all developers, architects, and testers who want to know more about software risks, vulnerabilities in applications, and how hackers work in practice. In fact, if you are concerned with these vulnerabilities, knowledge of the OWASP top 10 is actually a must.

Participation costs: €695,- excl. VAT.