In this online session we will talk about the challenges of API security testing, how to approach the risks associated and how to foster awareness of the threats in API programming.
16:00 Introduction by the host - DevSecOps NL
16:05 Top 10 OWASP guidelines on API Security – Martin Knobloch
16:30 API Security Testing challenges – Frans van Buul
16:50 Wrap-up - Sander Kruger; Netstone
16:55 Questions and Answers
The trend is to build applications with microservices, all exposing an API that is consumed by a client application, in the browser or on a mobile device.
The great thing about API's is that it's easy to integrate many different systems easily and to build a whole ecosystem around your application. The flip-side is that it is equally easy for criminals to do reconnaissance on your API and to automate an attack on your server through the API. At the same time, penetration testing and scanning of API's is nowhere near as mature as SAST and DAST tooling.