API Security 

Course & Training

APIs (Application Programming Interfaces) are the backbone of modern applications and IT ecosystems. They enable seamless integration between systems and services, but are also a popular target for attacks. In this two-day course, you will learn how to develop, configure and operate APIs securely in order to ward off threats and ensure the integrity of your systems.

APIs connect applications, systems, and services, making them indispensable for successful digitalization. However, their growing importance also increases the risk of security incidents. In our “API Security” course, you’ll gain the knowledge needed to protect your APIs from common attacks and maintain the integrity of your systems. Learn hands-on how to implement security measures and adhere to standards such as the OWASP API Security Top 10.

In-House Course:

We are happy to conduct tailored courses for your team - on-site, remotely or in our course rooms.

Request In-House Course

Public Course Schedule:

   

Content:


- Day 1: Fundamentals and Threats
... - Introduction to API Security: Why securing APIs is crucial
... - OWASP API Security Top 10: Overview and real-world examples
... - Common API attacks: Injection, Broken Authentication, Data Exposure
... - Authentication and Authorization: OAuth 2.0, OpenID Connect, JWT
... - Practical exercises: Identifying and addressing vulnerabilities

- Day 2: Protection Measures and Implementation
... - API Gateways and their security features: Usage and configuration
... - Protecting against data leaks: Input validation and data masking
... - Encryption and tokenization: Best practices
... - Monitoring and logging: Tracking API activity
... - Designing secure APIs: Architectures and development principles
... - Final exercise: Applying a security concept to an API

We will focus on deepening and understanding a specific selection of topics.


Disclaimer: The actual course content may vary from the above, depending on the trainer, implementation, duration and constellation of participants.

Whether we call it training, course, workshop or seminar, we want to pick up participants at their point and equip them with the necessary practical knowledge so that they can apply the technology directly after the training and deepen it independently.

Goal:

The aim of the course is to enable participants to design and operate APIs securely. They learn to recognize typical threats, apply protective measures and implement security standards.


Form:

A proven mix of concepts, live coding and collaboration on an exemplary API. Always geared towards the efficient usage of Spring Security in real-life projects and production.


Target Audience:

The course is aimed at software developers, IT architects, technical project managers, DevOps and security experts.


Requirements:

Basic knowledge of software development and API integration is required. Experience with REST or SOAP interfaces is helpful, but not essential.


Preparation:

Each participant receives a questionnaire and installation instructions after registration. Matching the answers we send individual feedback.

Request In-House Course:

In-House Kurs Anfragen

Waitinglist for public course:

Sign up for the waiting list for more public course dates. Once we have enough people on the waiting list, we will determine a date that suits everyone as much as possible and schedule a new session. If you want to participate directly with two colleagues, we can even plan a public course specifically for you.

Waiting List Request

(If you already have 3 or more participants, we will discuss your preferred date directly with you and announce the course.)


Share by: