
CISSP Study Plan – Day 7 of 55 | Security of APIs Explained


"Check out the time on his clock! 5am for days and days! STRONG POST!"

– Luke Ahmed



Today is Day 7 of Yihenew’s CISSP study plan, continuing with Software Development Security, now shifting the focus to security of APIs and why they matter for both modern applications and CISSP exam prep.


Key Areas Covered:

  • What APIs Are — application programming interfaces let different systems talk to each other, but that communication can become a target

  • Common API Risks — poor authentication, excessive data exposure, broken object-level authorization, and weak input validation

  • OWASP API Security Top 10 — the critical list every security professional should know when defending API endpoints

  • Security Controls — strong authentication, rate limiting, schema validation, encryption in transit, and logging/monitoring

  • CISSP Tie-In — APIs live at the intersection of secure coding, identity and access management, and risk management


In this CISSP study plan session, Yihenew emphasized that APIs are no longer a side topic—they’re a primary attack surface. Security professionals need to understand API weaknesses, protective controls, and how they tie into secure software development practices.

Quick CISSP Practice Question

Which of the following best reduces the risk of API abuse through excessive calls?

A. Data encryption

B. Rate limiting

C. Input validation

D. Schema enforcement


✅ Correct Answer: B. Rate limiting

Explanation: Rate limiting helps prevent abuse by restricting the number of calls an API can receive in a given time frame. Data encryption and schema enforcement add security, and input validation protects against injection attacks, but rate limiting directly addresses excessive use.
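The rate-limiting and schema-validation controls listed above, shown as working code. This is an added example written for this page, not code from the study plan, the course, or the OWASP project; the token-bucket algorithm, the client identifiers, the `ORDER_SCHEMA` fields and the request limits are all constructed for illustration.

```python
# Added example (not from the study plan or course): a per-client token-bucket
# rate limiter plus a minimal request-schema check, modelling two of the API
# controls discussed above. Names, schema fields and limits are constructed.
import time


class TokenBucket:
    """Per-client bucket: up to `capacity` requests can burst, after which the
    bucket refills at `refill_per_sec` tokens per second (one token per call)."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now):
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """Keeps one bucket per client identifier (API key, user id, ...).
    `clock` is injectable so behaviour can be tested deterministically."""

    def __init__(self, capacity=5, refill_per_sec=1.0, clock=time.monotonic):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.clock = clock
        self.buckets = {}

    def check(self, client_id):
        now = self.clock()
        bucket = self.buckets.get(client_id)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.refill_per_sec, now)
            self.buckets[client_id] = bucket
        return bucket.allow(now)


# Constructed schema: field name -> expected Python type. Fields not listed
# are rejected, so a client cannot slip unexpected attributes into a request.
ORDER_SCHEMA = {"item_id": int, "quantity": int, "note": str}
REQUIRED = {"item_id", "quantity"}


def validate_payload(payload, schema=ORDER_SCHEMA, required=REQUIRED):
    """Return a list of validation errors (an empty list means the payload is valid)."""
    errors = []
    if not isinstance(payload, dict):
        return ["payload must be a JSON object"]
    for key in required:
        if key not in payload:
            errors.append(f"missing required field: {key}")
    for key, value in payload.items():
        if key not in schema:
            errors.append(f"unexpected field: {key}")
            continue
        expected = schema[key]
        # bool is a subclass of int in Python, so reject it explicitly for int fields
        if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            errors.append(f"wrong type for {key}: expected {expected.__name__}")
    return errors


def handle_request(limiter, client_id, payload):
    """Minimal request pipeline: apply the cheap rate-limit check first, then
    validate the body. Returns an HTTP-style (status, body) tuple."""
    if not limiter.check(client_id):
        return 429, {"error": "rate limit exceeded"}
    errors = validate_payload(payload)
    if errors:
        return 400, {"error": "invalid request", "details": errors}
    return 200, {"ok": True, "item_id": payload["item_id"]}


if __name__ == "__main__":
    limiter = RateLimiter(capacity=3, refill_per_sec=1.0)
    good = {"item_id": 42, "quantity": 2}
    for _ in range(4):  # the fourth call within the same second is refused
        print(handle_request(limiter, "client-A", good))
    print(handle_request(limiter, "client-B", {"item_id": "42", "extra": 1}))
```

The limiter is checked before the body is parsed or validated because it is the cheapest control and protects the more expensive ones behind it; the schema check rejects both missing fields and unexpected ones, which is the validation side of the "excessive data exposure" and "weak input validation" risks listed earlier.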



Follow his full journey on TikTok or check out Day 8.


👉 Can you take the Yani Challenge?


55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:


Course

Luke's CISSP Course (2 months access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)


Books, Notes, and Practice Questions

Sybex 10th Edition (Around $52.55)



Total Cost: approximately $250, depending on your geographic location. Yani is located in East Africa.


📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.


Pass the CISSP on the first attempt within 100 questions.


Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on his first attempt in 100 questions using the above resources only.


If Yihenew could do it, so can you.


All the best, future CISSP. Feel free to contact me anytime as well.

Thank you. Luke Ahmed
