Confidence Staveley, a Cyber security professional, inclusion advocate and a cyber talent developer with over a decade experience in technology has offered a hands-on approach to secure your Application Programming Interface (APIs) and protect organisation’s data in her new book, ‘API Security for White Hat Hackers.’
The book offers a hands-on approach to learning, emphasizing practical exercises that guide readers through testing APIs, identifying vulnerabilities, and implementing fixes.
By focusing on real-world scenarios, readers gain invaluable experience in bypassing authentication controls, circumventing authorization mechanisms, and identifying common vulnerabilities using open-source and commercial tools.
Speaking during the pre-launch party of her book, Staveley explained that APIs are connecting our world and they are basically why different applications can talk to each other.
She said this means that different organisations can collaborate because APIs exist, adding that because they are connectors, they are usually a good point for attackers to get into organisations and steal data and cause all sorts of damages.
“For me, I wanted to make sure that I share my knowledge in a way that strengthens businesses and organisations to be able to protect our data and that is why I wrote this book.
“A lot of the things that are written in the book are from my own experience being in the industry for over 10 years now. Some of them are also from standards and best practices across the world. I have also created an intentionally vulnerable API. This book is hands-on. You can use that API and learn how to defend your APIs by learning how to attach them.
“You are learning how to attack just like a bad guy would but this time, you are using that knowledge to be able to close those loopholes that you have found by attacking your own APIs. You will do that before the bad guys find out and then be able to protect your organisation,” the author said.
She stressed that this is an area that has not been given much attention as it should but it is a place that attackers are increasingly attacking organisations from.
Staveley said she created this book that talks to different groups of people.
“From developers building APIs, to cyber security and information security professionals at the beginning stages of their career, to management level professionals in cyber security for example that are only helping the board better manage risks, to even other stakeholders that are into development and maintenance of APIs.
“There is something for everyone at different stages of their career as long as you are dealing with APIs,” she said.
According to her, the biggest threat is not doing the bare minimum to protect organisations as a lot of organisations are fruits on the ground because they are not doing the very basics.
She said “the very basics is making sure your user name and password are strong. Also you should have another layer of protection and have that protection layered across each other.
“In our everyday life that looks like having two factor authentication for our social media account; you find that a lot of organisations don’t have these layered approaches to security and this is one of our biggest issues and the cause of many threats.
“A lot of the attacks we are seeing start with deception. So clicking that harmful link in that email you are receiving a lot of other things down to what we are talking about in this book.”
