Pragmatic API Exploration (Monday)

Presented at DEF CON 30 (2022), Aug. 15, 2022, 8 a.m. (540 minutes)

Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/aubrey-labuschagne-william-marianka-botes-pragmatic-api-exploration

Training description:

The use of Application Programming Interfaces (APIs) has become ubiquitous as businesses expose and consume services.

Therefore, the threat landscape of organizations increases with the adoption of APIs. The content of the course creates awareness around the various attack vectors used to target APIs and provides actionable mitigation strategies.

The aim of this course is to empower you to conduct a risk assessment of an API. This hands-on course covers API basics, setting up a test environment, API threat model, API protocols and architectures, typical vulnerabilities, enumerating an attack surface and best practices around security.

Moreover, it focuses on gaining practical experience of the OWASP Top 10 for APIs. In addition, you will gain practical experience in exploiting typical vulnerabilities in RESTful (REST) APIs and GraphQL. The course concludes with a capture the flag (CTF) to apply the knowledge gained during the course.


Presenters:

  • Marianka Botes
    Marianka is a security analyst for the SensePost team at Orange Cyberdefense. She studied Information Technology at the North-West University (Pukke) in South Africa and has a big passion for hacking. In her off time she will study up some Dad jokes or find the best places to order chicken wings.
  • Aubrey Labuschagne (William)
    Aubrey is a security analyst at SensePost. Over the years he has had many roles, which included project management, product management, development, training and being a security analyst. His interest in security grew from emergence into information warfare. His hobbies include the development of sensor-centric platforms. He has a big passion for training and has completed his master's on how to improve the effectiveness of security awareness programs. He currently holds several certifications, which include OSCP, ECSA and ISO 27032 certifications.
