The Best API Books of All Time

Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass.

Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks. In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:. Enumerating APIs users and endpoints using fuzzing techniquesUsing Postman to discover an excessive data exposure vulnerabilityPerforming a JSON Web Token attack against an API authentication processCombining multiple API attack techniques to perform a NoSQL injectionAttacking a GraphQL API to uncover a broken object level authorization vulnerability. By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.

Summary. The Design of Web APIs is a practical, example-packed guide to crafting extraordinary web APIs. Author Arnaud Lauret demonstrates fantastic design principles and techniques you can apply to both public and private web APIs. About the technology. An API frees developers to integrate with an application without knowing its code-level details. Whether you’re using established standards like REST and OpenAPI or more recent approaches like GraphQL or gRPC, mastering API design is a superskill. It will make your web-facing services easier to consume and your clients—internal and external—happier.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the book. Drawing on author Arnaud Lauret's many years of API design experience, this book teaches you how to gather requirements, how to balance business and technical goals, and how to adopt a consumer-first mindset. It teaches effective practices using numerous interesting examples. What's inside. Characteristics of a well-designed API. User-oriented and real-world APIs. Secure APIs by design. Evolving, documenting, and reviewing API designs. About the reader. Written for developers with minimal experience building and consuming APIs. About the author. A software architect with extensive experience in the banking industry, Arnaud Lauret has spent 10 years using, designing, and building APIs. He blogs under the name of API Handyman and has created the API Stylebook website.

Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot. Summary. Unlike traditional enterprise applications, Microservices applications are collections of independent components that function as a system. Securing the messages, queues, and API endpoints requires new approaches to security both in the infrastructure and the code.

Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology. Integrating independent services into a single system presents special security challenges in a microservices deployment. With proper planning, however, you can build in security from the start. Learn to create secure services and protect application data throughout development and deployment. As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk. With proper planning, design, and implementation, you can reap the benefits of microservices while keeping your application data--and your company's reputation--safe! About the book. Microservices Security in Action is filled with solutions, teaching best practices for throttling and monitoring, access control, and microservice-to-microservice communications. Detailed code samples, exercises, and real-world use cases help you put what you've learned into production. Along the way, authors and software security experts Prabath Siriwardena and Nuwan Dias shine a light on important concepts like throttling, analytics gathering, access control at the API gateway, and microservice-to-microservice communication. You'll also discover how to securely deploy microservices using state-of-the-art technologies including Kubernetes, Docker, and the Istio service mesh. Lots of hands-on exercises secure your learning as you go, and this straightforward guide wraps up with a security process review and best practices. When you're finished reading, you'll be planning, designing, and implementing microservices applications with the priceless confidence that comes with knowing they're secure! What's inside Microservice security conceptsEdge services with an API gatewayDeployments with Docker, Kubernetes, and IstioSecurity testing at the code levelCommunications with HTTP, gRPC, and Kafka About the reader. For experienced microservices developers with intermediate Java skills. About the author. Prabath Siriwardena is the Deputy CTO (Security) at WSO2. Nuwan Dias is the Deputy CTO (API Management & Integration) at WSO2. They have designed secure systems for many Fortune 500 companies. Table of Contents. PART 1 OVERVIEW. 1 Microservices security landscape. 2 First steps in securing microservices. PART 2 EDGE SECURITY. 3 Securing north/south traffic with an API gateway. 4 Accessing a secured microservice via a single-page application. 5 Engaging throttling, monitoring, and access control. PART 3 SERVICE-TO-SERVICE COMMUNICATIONS. 6 Securing east/west traffic with certificates. 7 Securing east/west traffic with JWT. 8 Securing east/west traffic over gRPC. 9 Securing reactive microservices. PART 4 SECURE DEPLOYMENT. 10 Conquering container security with Docker. 11 Securing microservices on Kubernetes. 12 Securing microservices with Istio service mesh. PART 5 SECURE DEVELOPMENT. 13 Secure coding practices and automation.