APIs are connecting Single Page Applications on the Web with backend systems containing sensitive data. Companies are becoming platforms by exposing business functions as APIs. The ever-growing attack surface of APIs is opening backdoors into applications. IT security has just started to recognize APIs as a vector for attacks.
To effectively protect APIs, it is important to understand potential attacks and their targeting. In the workshop, you learn how to think like a hacker and to apply several techniques to break into an application through an API. You will learn how to discover API-related security issues and vulnerabilities. We will discuss current best practices and strategies for improving API security.
Almost every company was affected by the Log4J vulnerability at the end of last year. In the workshop, we will demonstrate the complete attack including the remote code execution through an API.  
This workshop is for IT security specialists, software architects, and developers who have to protect resources against threats imposed by APIs.

Part 1: How to hack an API
You will learn how hackers use vulnerabilities and exploits like mass assignment, SQL injection, and broken user authentication to get access to resources through an API.
Part 2: Security Risks in Detail
We will have a closer look at the attacks from part one and discuss why the attacks were possible.
Part 3: How to protect an API
Learn how to apply secure coding practices, proper software architecture, and infrastructure to give hackers a hard time.
Part 4: The Defense Tools
Get to know how API gateways, Web Application Firewalls, code scanners, and other tools can contribute to secure APIs.