Secure Coding

Defending Web APIs

Course Learning Objectives

  • Learn about defenses against insufficient Authentication and Authorization in public and private APIs.
  • Summarize different techniques that defend Web APIs against insufficient input validation and output sanitization.
  • Discover how to defend against insecure communication and identify best practices for secure communication using SSL and TLS.
  • Explore ways of reducing the attack surface of Web APIs by implementing defenses against commonattacks like CSRF, DoS and DDoS.


This course discusses defenses against the common vulnerabilities of today's RESTful Web APIs. We'll cover the security of connecting to APIs, validating input and output, communication channels, and common attacks.


This course is intended for junior developers with some experience using APIs and web services.

Time Required

Tailored learning - 75 minutes total

API101S - Defending Web APIs

$139.00 *prices shown in USD Add to Cart or Subscribe your team