APIs are the backbone of modern applications—but they also introduce unique security risks. In this hands-on workshop, participants will focus on the OWASP API Security Top Ten (2023).
Using a “Bad, Better, Best” approach, they will analyze insecure API patterns, discuss mitigation techniques, and review improved code examples. Students can either download the code from the instructor’s GitHub repository to follow along on their own machines using VS Code or view the live walkthrough on the instructor’s screen.
Student/Lab Requirements:
A modern operating system that can run VS Code (https://code.visualstudio.com/download), an internet connection fast enough for streaming, a modern web browser, and the ability to reach both the streaming platform site and GitHub.com. Please install VS Code (or your IDE of preference, any will do) before the class and ensure you can visit GitHub.com.
Syllabus
Introduction & Setup
Brief overview of the workshop agenda
Instructions for downloading code from GitHub
Setting up VS Code and previewing the “Bad, Better, Best” examples
OWASP API Top Ten (Items 1-5)
Brief overview of each item, its associated risks, and remediation
Guided code review for each item:
Bad: Reviewing an API with no defenses
Better: Introducing one defense
Best: Implementing multiple defenses
Open discussion: Key takeaways and questions
OWASP API Top Ten (Items 6-10)
Brief overview of each item, its associated risks, and remediation
Guided code review for each item:
Bad: Reviewing an API with no defenses
Better: Introducing one defense
Best: Implementing multiple defenses
Open discussion: Lessons learned and practical applications
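To illustrate the "Bad, Better, Best" progression used in both halves of the workshop, here is an added example for API1:2023 (Broken Object Level Authorization). It is constructed for this page and is not code from the instructor's repository; the in-memory order store, the `Request` type and the status-code mapping are assumptions made for the demo.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional
# Constructed in-memory order store (an assumption for the demo): id -> record
ORDERS: Dict[int, dict] = {
    1001: {"owner": "alice", "items": ["book"]},
    1002: {"owner": "bob", "items": ["laptop"]},
}
AUDIT: List[str] = []  # denied accesses, a signal detection teams can alert on

@dataclass
class Request:
    user: Optional[str]  # authenticated principal, None if anonymous

class Unauthorized(Exception): ...
class Forbidden(Exception): ...

def get_order_bad(req: Request, order_id: int) -> dict:
    """Bad: no defenses. Any caller reads any order by supplying its id (BOLA)."""
    return ORDERS[order_id]

def get_order_better(req: Request, order_id: int) -> dict:
    """Better: one defense, an object-level ownership check on every request."""
    order = ORDERS[order_id]  # unknown id still raises KeyError, so existence leaks
    if order["owner"] != req.user:
        raise Forbidden("not the owner")
    return order

def get_order_best(req: Request, order_id: int) -> dict:
    """Best: layered defenses. Authenticate first, validate the id, deny by
    default, answer 'missing' and 'not yours' identically (no enumeration
    oracle), and log every denial so detection can pick up scraping."""
    if req.user is None:
        raise Unauthorized("authentication required")
    if not isinstance(order_id, int) or order_id <= 0:
        raise Forbidden("invalid order id")
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != req.user:
        AUDIT.append(f"deny user={req.user} order_id={order_id}")
        raise Forbidden("no such order")
    return order

def call(handler, req: Request, order_id) -> str:
    """Drive a handler and map the outcome to an HTTP-style status code."""
    try:
        handler(req, order_id)
        return "200"
    except Unauthorized:
        return "401"
    except Forbidden:
        return "403"
    except KeyError:
        return "404"  # bad/better reveal whether the id exists
```

Calling `call(get_order_bad, Request(user="alice"), 1002)` returns "200" (alice reads bob's order), while the "best" handler returns "403" for that request and for a non-existent id alike, and appends a denial record to `AUDIT`.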
Developers, DevOps engineers, and software architects who work with APIs
Security professionals looking to enhance their API security knowledge
Anyone responsible for designing, implementing, or maintaining API-based applications
Tanya Janca, aka SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Secure Coding’, ‘Alice and Bob Learn Application Security’ and the ‘AppSec Antics’ card game. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals via her online academies (We Hack Purple and Semgrep Academy) and her live training programs. Having performed counter-terrorism work, led security for the 52nd Canadian general election, and developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software.