Workshop: The OWASP API Security Top Ten 2023 with Tanya Janca

Overview
- Course Length: 4 hours
- Support from expert instructors
- Includes a certificate of completion
APIs are the backbone of modern applications—but they also introduce unique security risks. In this hands-on workshop, participants will focus on the OWASP API Security Top Ten (2023).
Using a “Bad, Better, Best” approach, they will analyze insecure API patterns, discuss mitigation techniques, and review improved code examples. Students can either download the code from the instructor’s GitHub repository to follow along on their own machines using VS Code or view the live walkthrough on the instructor’s screen.
Syllabus:
Introduction & Setup
- Brief overview of the workshop agenda
- Instructions for downloading code from GitHub
- Setting up VS Code and previewing the “Bad, Better, Best” examples
OWASP API Top Ten (Items 1-5)
- Brief overview of each item, its associated risks, and remediation
- Guided code review for each item:
  - Bad: Reviewing an API with no defenses
  - Better: Introducing one defense
  - Best: Implementing multiple defenses
- Open discussion: Key takeaways and questions
OWASP API Top Ten (Items 6-10)
- Brief overview of each item, its associated risks, and remediation
- Guided code review for each item:
  - Bad: Reviewing an API with no defenses
  - Better: Introducing one defense
  - Best: Implementing multiple defenses
- Open discussion: Lessons learned and practical applications
Wrap-Up & Q&A
- List of free and Open Source API Security Tools
- Conclusion and Questions
- Suggestions for continued learning and resources
Virtual (September 19th, 2025)
- September 19th – 11 AM EST – 4 PM EST
FAQ
Student/Lab Requirements:
A modern operating system that can run VS Code (https://code.visualstudio.com/download), an internet connection fast enough for streaming, a modern web browser, and the ability to reach both the streaming platform site and GitHub.com.
Please install VS Code (or your IDE of preference, any will do) before the class and ensure you can visit GitHub.com.
Who Should Attend/Prerequisites:
Who Should Attend:
- Developers, DevOps engineers, and software architects who work with APIs
- Security professionals looking to enhance their API security knowledge
- Anyone responsible for designing, implementing, or maintaining API-based applications
Prerequisites:
- Familiarity with API concepts and web application development
- Basic knowledge of coding and using VS Code
- No prior API security experience is required
Audience Skill Level:
- Intermediate
Live Training
- Pay What You Can
- Collaborative interaction with Instructor and fellow students through the Antisyphon Discord class channel
- Access to course slides for future reference
- Tips, tools, and techniques that can be applied immediately upon returning to work
- Strengthen your skills by solving challenges within the Antisyphon Cyber Range
- Become part of a community driven to educate and share knowledge