Need More Sleep? REST Could Help

Presented at DerbyCon 6.0 Recharge (2016), Sept. 24, 2016, 4 p.m. (50 minutes).

Increasingly, RESTful APIs are utilized to provide a communication avenue for web servers and clients to exchange data via HTTP(S). Historically SOAP APIs were used for this purpose however, implementation, client development, and documentation have been proved more complicated than that of REST. Further, REST provides a greater level of performance and scalability over SOAP, which adds to the benefits of using RESTful APIs. In this talk, key differences between SOAP and REST and core REST concepts will be discussed as well as testing methodologies and techniques that an analyst or developer could utilize to discover vulnerabilities within implementations of RESTful APIs. Burp Suite will be used to demonstrate testing when discussing focus areas of interests of a RESTful API, which will include authorization and input validation. Attendees should leave this talk with a firm understanding of RESTful APIs, how they are implemented, and how to assess RESTful APIs for vulnerabilities.

Presenters:

Similar Presentations: