November 30, 2020

DevSecOps Tech Talks 16.00-17.00

In this online session we will talk about the challenges of API security testing, how to approach the risks associated and how to foster awareness of the threats in API programming.

Agenda:
16:00 Introduction by the host - DevSecOps NL
16:05 Top 10 OWASP guidelines on API Security 
16:30 API Security Testing challenges  
16:50 Wrap-up - Sander Kruger; Netstone
16:55 Questions and Answers

The trend is to build applications with microservices, all exposing an API that is consumed by a client application, in the browser or on a mobile device.
The great thing about API's is that it's easy to integrate many different systems easily and to build a whole ecosystem around your application. The flip-side is that it is equally easy for criminals to do reconnaissance on your API and to automate an attack on your server through the API. At the same time, penetration testing and scanning of API's is nowhere near as mature as SAST and DAST tooling.

​