APIs power modern applications, but they also present a significant attack surface. This session explores the fundamentals and best practices of API security, focusing on the 3 Pillars: Governance, Testing, and Monitoring. Attendees will gain a comprehensive understanding of the critical elements needed to safeguard APIs. The session will wrap up with practical insights, including essential do’s and don’ts for implementing and maintaining secure APIs.
Why Are APIs Under Attack?
• 83% of internet traffic consists of API requests.
• APIs are often under-secured and overlooked, making them prime targets.
How Do APIs Get Attacked?
Attackers seek APIs that are over-permissioned, expose too much data, allow unauthorized actions, or contain logic flaws. By bypassing traditional web and mobile interfaces, they target APIs directly.
Deep Dive: OWASP API Top 10
The top four vulnerabilities are the most critical, and we’ll analyze real-world examples to illustrate their impact.
Who Should Attend?
No specialized knowledge is required, but a basic understanding of penetration testing concepts is helpful. No programming skills are necessary—this session is designed for beginner to intermediate security testers interested in unraveling the complexities of API security. Join to uncover the risks, challenges, and best practices in API security!