
Pro API Security Testing in ASP.NET Core

Detect and Prevent Vulnerabilities Using C# and WebApplicationFactory

(Author)

Book | Softcover
2026
Apress (Publisher)
979-8-8688-2390-9 (ISBN)
CHF 82,35 incl. VAT
Proactively identify and mitigate API security risks using practical testing techniques in an ASP.NET Core development workflow. With APIs becoming the backbone of modern applications and digital transformation, they have also become prime targets for cyberattacks. This book empowers you to take control of your API security by integrating security testing directly into your development process.


Through hands-on C# code examples using WebApplicationFactory and real-world scenarios from a vulnerable Banking API, you will learn to write security tests that verify your defenses against each of the OWASP Top 10 API Security risks. From broken authorization and authentication flaws to server-side request forgery and security misconfiguration, each chapter provides concrete testing strategies that catch vulnerabilities before they reach production.


By following the testing patterns and practices presented in this book, you will build APIs that are not just functional but comprehensively secure.

What You Will Learn

  • Write security-focused integration tests using WebApplicationFactory and C# that integrate seamlessly into your development workflow
  • Test and defend your APIs against all OWASP Top 10 API Security risks, including broken authorization, authentication bypass, and injection vulnerabilities
  • Integrate API security testing as a natural part of the ASP.NET Core API development process
  • Build a security mindset that treats security as a fundamental quality attribute of your APIs

Who This Book is For


This book is for ASP.NET Core developers, QA engineers, and DevOps professionals who want to take ownership of API security testing. Whether you are building new APIs or securing existing ones, you will benefit from the practical testing techniques presented here. Familiarity with C# and basic ASP.NET Core development is assumed, but no prior security expertise is required. This is an evergreen book that is not specific to any particular version of ASP.NET Core.

Roman Canlas is an accomplished application security engineer who built and runs the global application security program for a Fortune 500 company. His background in C# and ASP.NET development gives him a developer's eye for identifying code-level vulnerabilities and conducting web security testing. He holds GIAC GWAPT, ISC2 CSSLP, and EC-Council CASE.NET certifications, along with a Master's in Information Systems and a Bachelor's in Computer Science degree. He wrote this book to share practical approaches that developers and security teams can actually implement. This book distils his experience into security tests you can write and run today.

Chapter 1, Introduction to API Security
Chapter 2, Setting Up Your API Security Testing Environment
Chapter 3, Testing for Broken Object Level Authorization
Chapter 4, Testing for Broken Authentication
Chapter 5, Testing for Broken Object Property Level Authorization
Chapter 6, Testing for Unrestricted Resource Consumption
Chapter 7, Testing for Broken Function Level Authorization
Chapter 8, Testing for Unrestricted Access to Sensitive Business Flows
Chapter 9, Testing for Server-Side Request Forgery
Chapter 10, Testing for Security Misconfiguration
Chapter 11, Testing for Improper Inventory Management
Chapter 12, Testing for Unsafe Consumption of APIs
Chapter 13, Putting It All Together: Integrating Security Testing into the Development Lifecycle
Chapter 14, Conclusion and Next Steps

Publication date (per publisher): 16.4.2026
Additional info: Approx. 200 p.
Place of publication: Berkley
Language: English
Dimensions: 178 x 254 mm
Subject area: Computer Science, Software Development, Quality / Testing
Keywords: API security • ASP.NET Core • C# • Integration Testing • Minimal API • OWASP Top 10 • REST • Secure coding • security testing • WebAPI • WebApplicationFactory
ISBN-13: 979-8-8688-2390-9 / 9798868823909
Condition: New