Introducing the OWASP API Security Project

Presented at NolaCon 2016, May 20, 2016, 3 p.m. (Unknown duration)

An ever-increasing number of applications have released public and private APIs, enabling awesome programmatic features to be released internally and to the world. Unfortunately, the ubiquity of APIs is a double-edged sword -- and security risks are often ignored. This talk introduces the OWASP API Security Project, including the Top Ten API Security Risks, and explains how contributors of many skill levels can get involved.


Presenters:

  • David Shaw
    David has extensive experience in many areas of information security. Beginning his career as a Network Security Analyst, David monitored perimeter firewalls and intrusion detection systems to identify and neutralize threats in real time. After moving into the world of penetration testing, David led the security assessment and software development teams at Redspin as its CTO & VP of Professional Services. As of 2015, David has been CISO of AppFolio, managing SecOps and AppSec blue teams. David has been a speaker at ToorCon, LayerOne, DEF CON, NolaCon, THOTCON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle. Twitter: @dshaw_
  • Leif Dreizler
    As a Senior Security Engineer at Bugcrowd, Leif Dreizler works to build the internal security program and customize security testing solutions for Bugcrowd clients. Prior to Bugcrowd, Leif spent over two years as a Senior Application Security Engineer at Redspin, performing application security assessments. He also served as the Application Security Team Lead, interfacing with clients at the engineering and sales level.
