You're reading from Pentesting APIs A practical guide to discovering, fingerprinting, and exploiting APIs

Product type Paperback

Published in Sep 2024

Publisher Packt

ISBN-13 9781837633166

Length 290 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Maurício Harley

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Introduction to API Security

2. Chapter 1: Understanding APIs and their Security Landscape FREE CHAPTER

3. Chapter 2: Setting Up the Penetration Testing Environment

4. Part 2: API Information Gathering and AuthN/AuthZ Testing

5. Chapter 3: API Reconnaissance and Information Gathering

6. Chapter 4: Authentication and Authorization Testing

7. Part 3: API Basic Attacks

8. Chapter 5: Injection Attacks and Validation Testing

9. Chapter 6: Error Handling and Exception Testing

10. Chapter 7: Denial of Service and Rate-Limiting Testing

11. Part 4: API Advanced Topics

12. Chapter 8: Data Exposure and Sensitive Information Leakage

13. Chapter 9: API Abuse and Business Logic Testing

14. Part 5: API Security Best Practices

15. Chapter 10: Secure Coding Practices for APIs

16. Index

Why subscribe?

17. Other Books You May Enjoy

Best practices for data protection and encryption

We covered attacks accessing data in unauthorized ways in Chapter 8. Data protection and encryption are essential for securing sensitive information transmitted via APIs. In Python, using libraries such as cryptography to encrypt data at rest and in transit is crucial. For instance, encrypting sensitive information such as passwords and personal data before storing it in the database can prevent unauthorized access. Observe the following code that applies the cryptography library to make use of Fernet tokens and keys:

# The wrong way: Storing sensitive data without encryption
user_data = {'ssn': '123-45-6789'}
database.store(user_data)
# The correct way: Encrypting sensitive data before storing
from cryptography.fernet import Fernet
key = Fernet.generate_key()
cipher_suite = Fernet(key)
encrypted_ssn = cipher_suite.encrypt(b'123-45-6789')
user_data = {'ssn': encrypted_ssn}
database.store(user_data...

The rest of the chapter is locked

Tech Concepts

Programming languages

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

You're reading from Pentesting APIs A practical guide to discovering, fingerprinting, and exploiting APIs

Table of Contents (18) Chapters

Best practices for data protection and encryption

Authors (1)

Personalised recommendations for you

You're reading from Pentesting APIs A practical guide to discovering, fingerprinting, and exploiting APIs

Table of Contents (18) Chapters

Best practices for data protection and encryption

Authors (1)

Personalised recommendations for you

Create a Free Account To Continue Reading

Sign in to activate your 7-day free access