Hacking (and Defending!) APIs

Presented at Blue Team Con 2022, Aug. 27, 2022, 12:30 p.m. (50 minutes)

APIs are a leading attack vector that often get pushed into production without proper security testing. In this presentation we will provide an overview of the OWASP API Security Top 10 vulnerabilities from an adversarial perspective. Then we will discuss how vulnerability management programs often use the wrong tools to test APIs and how to build an effective API security stack.

Presenters:

• Robert Wagner - Field CISO
  Robert Wagner is a highly respected security advisor and strategist. With almost 20 years of blue team experience, he has helped organizations around the globe improve their security programs while aligning with business priorities. He is a co-founder of the not-for-profit organization Hak4Kidz, serves on the board of the Chicago ISSA chapter, and regularly volunteers for Bsides and other hacker cons.

Similar Presentations:

• NolaCon 2016 / Introducing the OWASP API Security Project
• Texas Cyber Summit 2019 / BT-2021 OWASP API Security Top 10
• AppSec USA 2016 / Automating API Penetration Testing using fuzzapi