About this book
The goal of this book is to teach you how to secure your APIs. You’ll learn about the most common exploits hackers use to breach APIs and how to prevent them through secure API design, implementation, and operations. You’ll learn to threat-model risks for your APIs; create a zero-trust security strategy; automate your security-testing process; keep your attack surface under control; use observability for threat detection; and apply the highest, most advanced industry standards for authentication, authorization, and data validation.
Who should read this book
This book is helpful for software developers, architects, technical leaders, QA engineers, and product owners who work with APIs. The book covers advanced topics at the intersection between APIs and cybersecurity, but all concepts are explained in detail and in accessible language, with plenty of examples and illustrations and emphasis on the business impact of every API vulnerability. Therefore, the book should be accessible to both technical and nontechnical readers. As I emphasize throughout the book, API security is everybody’s job, and tackling it properly requires a strong alignment among business, product, and technical teams. I hope that this book helps create such alignment by being accessible to all stakeholders.