SecAppDev 2024 workshop details

Bulletproof APIs: Hands-On API Security

Learning goal: Gain hands-on security strategies for APIs, understand the root causes of threats, and learn to implement effective solutions. Master best practices and leave with a checklist to enhance your application's security.

Thursday June 6th, 09:00 - 17:30
Room West Wing

Abstract

As APIs become a big part of our tech world, making sure they're secure is key. The 2023 version of the OWASP API Security Top 10 shows us that API security needs our attention. Building secure APIs requires developers and architects to really get API security, from the big picture down to the nitty-gritty details.

This workshop will teach you the skills you need! We're going to think like an attacker to test APIs and like a defender to figure out the best ways to protect them. With lectures, real-world demos, fun quizzes, and hands-on labs, you'll learn how to secure your APIs.

Content overview
  • The security model of API-based web applications
  • Recognizing and addressing authorization failures
  • Understanding Broken Object Property Level Authorization (BOPLA)
  • Fixing Broken Object Level Authorization (BOLA)
  • Testing the security of APIs that use JWTs
  • Best practices for making JWTs secure in modern APIs
  • Identifying, exploiting, and fixing Server-Side Request Forgery (SSRF) issues
  • Quizzes and labs to make learning stick
  • Q & A throughout the workshop to clear up any doubts

Content level

Introductory

Target audience

Developers, architects, and security professionals working with APIs

Prerequisites

Understanding of API-based applications. Labs do not require prerequisite security knowledge or proficient developer skills.

Technical requirements

A laptop with a modern browser

Join us for SecAppDev. You will not regret it!

Philippe De Ryck

Security Expert, Pragmatic Web Security

Expertise: Web security, API security, OAuth 2.0, OpenID Connect
