The Making of A God and Other Works of Black Art. The Lost Writings of Basil Crouch
معرفی کتاب «The Making of A God and Other Works of Black Art. The Lost Writings of Basil Crouch» نوشتهٔ Christopher، Staveley، Confidence، Romeo و James Finbarr، منتشرشده توسط نشر 2010 در سال 2010. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Become an API security professional and safeguard your applications against threats with this comprehensive guide Key Features - Gain hands-on experience in testing and fixing API security flaws through practical exercises - Develop a deep understanding of API security to better protect your organization's data - Integrate API security into your company's culture and strategy, ensuring data protection - Purchase of the print or Kindle book includes a free PDF eBook Book Description APIs have evolved into an essential part of modern applications, making them an attractive target for cybercriminals. Written for security professionals and developers, this comprehensive guide offers practical insights into testing APIs, identifying vulnerabilities, and fixing them. With a focus on hands-on learning, this book guides you through securing your APIs in a step-by-step manner. You'll learn how to bypass authentication controls, circumvent authorization controls, and identify vulnerabilities in APIs using open-source and commercial tools. Moreover, you'll gain the skills you need to write comprehensive vulnerability reports and recommend and implement effective mitigation strategies to address the identified vulnerabilities. This book isn't just about hacking APIs; it's also about understanding how to defend them. You'll explore various API security management strategies and understand how to use them to safeguard APIs against emerging threats. By the end of this book, you'll have a profound understanding of API security and how to defend against the latest threats. Whether you're a developer, security professional, or ethical hacker, this book will ensure that your APIs are secure and your organization's data is protected. What you will learn - Implement API security best practices and industry standards - Conduct effective API penetration testing and vulnerability assessments - Implement security measures for API security management - Understand threat modeling and risk assessment in API security - Gain proficiency in defending against emerging API security threats - Become well-versed in evasion techniques and defend your APIs against them - Integrate API security into your DevOps workflow - Implement API governance and risk management initiatives like a pro Who this book is for If you're a cybersecurity professional, web developer, or software engineer looking to gain a comprehensive understanding of API security, this book is for you. The book is ideal for those who have beginner to advanced-level knowledge of cybersecurity and API programming concepts. Professionals involved in designing, developing, or maintaining APIs will also benefit from the topics covered in this book. Table of Contents - Introduction to API Architecture and Security - The Evolving API Threat Landscape and Security Considerations - OWASP API Security Top 10 Explained - API Attack Strategies and Tactics - Exploiting API Vulnerabilities - Bypassing API Authentication and Authorization Controls - Attacking API Input Validation and Encryption Techniques - API Vulnerability Assessment and Penetration Testing - Advanced API Testing: Approaches, Tools, and Frameworks - Using Evasion Techniques - Best Practices for Secure API Design and Implementation - Challenges and Considerations for API Security in Large Enterprises - Implementing Effective API Governance and Risk Management Initiatives Cover Title Page Copyright and Credits Dedications Foreword Contributors Table of Contents Preface Part 1: Understanding API Security Fundamentals Chapter 1: Introduction to API Architecture and Security Understanding APIs and their role in modern applications How do APIs work? Leveraging APIs in modern applications – Advantages and benefits Understanding APIs with real-world business examples An overview of API security Why is API security so important? The basic components of API architecture and communication protocols Types of APIs and their benefits Common communication protocols and security considerations Summary Further reading Chapter 2: The Evolving API Threat Landscape and Security Considerations A historical perspective on API security risks The early days of APIs The rise of the web and web APIs The rise of REST and modern APIs The era of microservices, IoT, and cloud computing The modern API threat landscape Key considerations for API security in a growing ecosystem Emerging trends in API security Zero-trust architecture in API security Exploring blockchain for enhanced API security The rise of automated attacks and bots Quantum-resistant cryptography in API security Serverless architecture security in API security Behavioral analytics and user behavior profiling in API security Lesson from a real-life API data breach Uber data breach (2016) Equifax data breach (2017) MyFitnessPal data breach (2018) Facebook Cambridge Analytica scandal (2018) Summary Further reading Chapter 3: OWASP API Security Top 10 Explained OWASP and the API Security Top 10 – A timeline Exploring the API Security Top 10 OWASP API 1 – Broken Object Level Authorization OWASP API 2 – Broken Authentication OWASP API 3 – Broken Object Property Level Authorization OWASP API 4 – Unrestricted Resource Consumption OWASP API 5 – Broken Function Level Authorization OWASP API 6 – Unrestricted Access to Sensitive Business Flows OWASP API 7 – Server-Side Request Forgery OWASP API 8 – Security Misconfiguration OWASP API 9 – Improper Inventory Management OWASP API 10 – Unsafe Consumption of APIs Summary Further reading Part 2: Offensive API Hacking Chapter 4: API Attack Strategies and Tactics Technical requirements API security testing – The essential toolset breakdown Overviewing and setting up Kali Linux on a virtual machine The browser as an API hacking tool Using Burp Suite and proxy settings Burp Suite tools explained Setting up FoxyProxy for Firefox Configuring Burp Suite certificates Exploring Burp Suite’s Proxy functionalities Setting up Postman for API testing and interception with Burp Suite Understanding Postman collections Summary Further reading Chapter 5: Exploiting API Vulnerabilities Technical requirements Understanding API attack vectors Types of attack vectors Fuzzing and injection attacks on APIs Fuzzing attacks Injection attacks Exploiting authentication and authorization vulnerabilities in APIs Password brute-force attacks JWT attacks Summary Chapter 6: Bypassing API Authentication and Authorization Controls Technical requirement Introduction to API authentication and authorization controls Common methods for API authentication and authorization Bypassing user authentication controls Bypassing token-based authentication controls Bypassing API key authentication controls Bypassing role-based and attribute-based access controls Real-world examples of API circumvention attacks Summary Further reading Chapter 7: Attacking API Input Validation and Encryption Techniques Technical requirements Understanding API input validation controls Techniques for bypassing input validation controls in APIs SQL injection XSS attacks XML attacks Introduction to API encryption and decryption mechanisms Techniques for evading API encryption and decryption mechanisms Case studies – Real-world examples of API encryption attacks Summary Further reading Part 3: Advanced Techniques for API Security Testing and Exploitation Chapter 8: API Vulnerability Assessment and Penetration Testing Understanding the need for API vulnerability assessment API reconnaissance and footprinting Techniques for API reconnaissance and footprinting API scanning and enumeration Techniques for API scanning and enumeration API exploitation and post-exploitation techniques Exploitation techniques Post-exploitation techniques Best practices for API VAPT API vulnerability reporting and mitigation Future of API penetration testing and vulnerability assessment Summary Further reading Chapter 9: Advanced API Testing: Approaches, Tools, and Frameworks Technical requirements Automated API testing with AI Specialized tools and frameworks in AI-powered API testing Other AI security automation tools Large-scale API testing with parallel requests Gatling How to use Gatling for large-scale API testing with parallel requests Advanced API scraping techniques Pagination Rate limiting Authentication Dynamic content Advanced fuzzing techniques for API testing AFL Example use case API testing frameworks The RestAssured framework The WireMock framework The Postman framework The Karate DSL framework The Citrus framework Summary Further reading Chapter 10: Using Evasion Techniques Technical requirements Obfuscation techniques in APIs Control flow obfuscation Code splitting Dead code injection Resource bloat Injection techniques for evasion Parameter pollution Null byte injection Using encoding and encryption to evade detection Encoding Encryption Defensive considerations Steganography in APIs Advanced use cases and tools Defensive considerations Polymorphism in APIs Characteristics of polymorphism Tools Defensive considerations Detection and prevention of evasion techniques in APIs Comprehensive logging and monitoring Behavioral analysis Signature-based detection Dynamic signature generation Machine learning and artificial intelligence Human-centric practices for enhanced security Summary Further reading Part 4: API Security for Technical Management Professionals Chapter 11: Best Practices for Secure API Design and Implementation Technical requirements Relevance of secure API design and implementation Designing secure APIs Threat modeling Implementing secure APIs Tools Secure API maintenance Tools Summary Further reading Chapter 12: Challenges and Considerations for API Security in Large Enterprises Technical requirements Managing security across diverse API landscapes Balancing security and usability Challenges Protecting legacy APIs Using API gateways Implementing web application firewalls (WAFs) Regular security audits Regularly updating and patching Monitoring and logging activity Encrypting data Developing secure APIs for third-party integration Security monitoring and IR for APIs Security monitoring IR Summary Further reading Chapter 13: Implementing Effective API Governance and Risk Management Initiatives Understanding API governance and risk management Key components of API governance and risk management Establishing a robust API security policy Define objectives and scope Identify security requirements Authentication and authorization Data encryption Input validation and sanitization Logging and monitoring Compliance and governance Conducting effective risk assessments for APIs Understanding API risks Methodologies and frameworks Scope definition Risk identification and analysis Risk prioritization Mitigation strategies Documentation and reporting Ongoing monitoring and review Compliance frameworks for API security Regulatory compliance Industry standards API security audits and reviews Objective and scope Methodologies and techniques Compliance and standards Identification of vulnerabilities and risks Remediation and recommendations Ongoing monitoring and maintenance Typical audit and review process Summary Further reading Index Other Books You May Enjoy Become an API security expert and safeguard your applications against threats with this comprehensive guide APIs have evolved into an essential part of modern applications, making them an attractive target for cybercriminals. Written for security professionals and developers, this comprehensive guide offers practical insights into testing APIs, identifying vulnerabilities, and fixing them. With a focus on hands-on learning, this book guides you through securing your APIs in a step-by-step manner. You'll learn how to bypass authentication controls, circumvent authorization controls, and identify vulnerabilities in APIs using open-source and commercial tools. Moreover, you'll master the art of writing comprehensive vulnerability reports and recommend and implement effective mitigation strategies to address the identified vulnerabilities. But this book isn't just about hacking APIs; it's also about understanding how to defend them. You'll explore various API security management strategies and learn how to use them to safeguard APIs against emerging threats. By the end of this book, you'll have a profound understanding of API security and how to defend against the latest threats. Whether you're a developer, security professional, or ethical hacker, this book will ensure your APIs are secure and your organization's data is protected. If youre a cybersecurity professional, web developer, or software engineer looking to gain a comprehensive understanding of API security, this book is for you. It is perfect for those who have beginner to advanced-level knowledge of cybersecurity and API programming concepts. Designed to guide you through the entire process of securing APIs, starting from identifying vulnerabilities to fixing them, this book will serve as a useful resource for professionals involved in designing, developing, or maintaining APIs.
دانلود کتاب The Making of A God and Other Works of Black Art. The Lost Writings of Basil Crouch