Practical API Security Workshop: Attack and Defense

Until June 30
✓ Workshop day for free
✓ Save up to 622€
✓ Amazon Echo Dot or Arduino for free
Register now
Bis 30. Juni
✓ Workshop-Tag gratis
✓ Bis zu 622 € sparen
✓ Amazon Echo Dot oder Arduino gratis
Jetzt anmelden
Until conference starts:
✓ 2-in-1 conference package
✓ Team discount
✓ Extra specials for freelancers
Register now
Danke für Eure Teilnahme
✓ Bis zum nächsten mal!
Booking note:
Practical API Security Workshop
Monday, April 4 2022
09:00 - 17:00
Rembrandt WS
Booking note:
Practical API Security Workshop

In this hands-on workshop, you will get to know vulnerabilities and how they can be exploited to break into an application through an API. A closer look at OWASP’s API Security Top 10 will provide you with details about some possible attacks and their prevention. You will learn to protect APIs against attacks using secure coding practices, software architecture, and security infrastructure like API gateways.
This practice-oriented workshop is not about compliance and papers. It’s about technology and methodology with lots of demonstrations and exercises.

APIs are connecting Single Page Applications on the Web with backend systems containing sensitive data. Companies are becoming platforms by exposing business functions as APIs. The ever-growing attack surface of APIs is opening backdoors into applications. IT security has just started to recognize APIs as a vector for attacks.
To effectively protect APIs, it is important to understand potential attacks and their targeting. In the workshop, you learn how to think like a hacker and to apply several techniques to break into an application through an API. You will learn how to discover API-related security issues and vulnerabilities. We will discuss current best practices and strategies for improving API security.
Almost every company was affected by the Log4J vulnerability at the end of last year. In the workshop, we will demonstrate the complete attack including the remote code execution through an API.  
This workshop is for IT security specialists, software architects, and developers who have to protect resources against threats imposed by APIs.

Part 1: How to hack an API
You will learn how hackers use vulnerabilities and exploits like mass assignment, SQL injection, and broken user authentication to get access to resources through an API.
Part 2: Security Risks in Detail
We will have a closer look at the attacks from part one and discuss why the attacks were possible.
Part 3: How to protect an API
Learn how to apply secure coding practices, proper software architecture, and infrastructure to give hackers a hard time.
Part 4: The Defense Tools
Get to know how API gateways, Web Application Firewalls, code scanners, and other tools can contribute to secure APIs.

Participants should have some basic experience with APIs.

To follow the optional hands-on exercises, you should bring your own laptop and in case you want to participate in the exercises please install:

Take me to the full program of Zum vollständigen Programm von Berlin Berlin .

Take me to the full program of Zum vollständigen Programm von The Hague Den Haag .

This Session Diese Session belongs to the gehört zum Programm von BerlinBerlin and  und  The HagueDen Haag program. Take me to the current program of . Hier geht es zum aktuellen Programm von Berlin Berlin or oder The Hague Den Haag .

All News & Updates of API Conference:

Behind the Tracks

API Management

A detailed look at the development of APIs

API Development

Architecture of APIs and API systems

API Design

From policies and identities to monitoring

API Platforms & Business

Web APIs for a larger audience & API platforms related to SaaS