The forgotten attack surface: How to test your APIs and the OWASP API Security Top 10
DevSecOps Tech Talks 16.00-17.00
In this online session we will talk about the challenges of API security testing, how to approach the associated risks, and how to foster awareness of the threats in API programming.
16:00 Introduction by the host - DevSecOps NL
16:05 Top 10 OWASP guidelines on API Security
16:30 API Security Testing challenges
16:50 Wrap-up - Sander Kruger; Netstone
16:55 Questions and Answers
The trend is to build applications with microservices, all exposing an API that is consumed by a client application, in the browser or on a mobile device.
The great thing about APIs is that they make it easy to integrate many different systems and to build a whole ecosystem around your application. The flip side is that it is equally easy for criminals to do reconnaissance on your API and to automate an attack on your server through the API. At the same time, penetration testing and scanning of APIs are nowhere near as mature as SAST and DAST tooling.