A Conference for Mastering Cloud Native Architectures, the Kubernetes Ecosystem and Functions

Practical API Security Workshop: Attack and Defense

Until conference starts:
✓ 2-in-1 conference package
✓ Team discount
✓ Extra specials for freelancers
Bis Konferenzbeginn
✓ 2-in-1-Konferenzpaket
✓ Kollegenrabatt
✓ Extra-Specials für Freelancer
Until conference starts:
✓ 2-in-1 conference package
✓ Team discount
✓ Extra specials for freelancers
Until conference starts:
✓ 2-in-1 conference package
✓ Team discount
✓ Extra specials for freelancers
Monday, April 4 2022
09:00 - 17:00
Rembrandt WS
Booking note:
Practical API Security Workshop

In this hands-on workshop you will get to know vulnerabilities and how they can be exploited to break into an application through an API. A closer look at OWASP’s API Security Top 10 will provide you with details about some possible attacks and their prevention. You will learn to protect APIs against attacks using secure coding practices, software architecture and security infrastructure like API gateways.
This practice-oriented workshop is not about compliance and papers. It’s about technology and methodology with lots of demonstrations and exercises.

APIs are connecting Single Page Applications on the Web with backend systems containing sensitive data. Companies are becoming platforms by exposing business functions as APIs. The ever-growing attack surface of APIs is opening backdoors into applications. IT security has just started to recognize APIs as a vector for attacks.
To effectively protect APIs, it is important to understand potential attacks and their targeting. In the workshop you learn how to think like a hacker and to apply several techniques to break into an application through an API. You will learn how to discover API related security issues and vulnerabilities. We will discuss current best practices and strategies improving API security.
Almost every company was affected by the Log4J vulnerability at the end of last year. In the workshop we will demonstrate the complete attack including the remote code execution through an API.  
This workshop is for IT security specialists, software architects and developers who have to protect resources against threats imposed by APIs.

Part 1: How to hack an API?
You will learn how hackers use vulnerabilities and exploits like mass assignment, SQL injection and broken user authentication to get access to resources through an API.
Part 2: Security Risks in Detail
We will have a closer look at the attacks from part one and discuss why the attacks were possible.
Part 3: How to protect an API?
Learn how to apply secure coding practices, proper software architecture and infrastructure to give hackers a hard time.
Part 4: The Defense Tools
Get to know how API gateways, Web Application Firewalls, code scanners and other tools can contribute to secure APIs.

Participants should have some basic experience with APIs.

To follow the optional hands-on exercises, you should bring your own laptop and in case you want to participate in the exercises please install:

This Session belongs to the Diese Session gehört zum Programm vom The HagueDen Haag program. Take me to the program of . Hier geht es zum Programm von Berlin Berlin .

Take me to the full program of Zum vollständigen Programm von The Hague Den Haag .

This Session Diese Session belongs to the gehört zum Programm von The HagueDen Haag program. Take me to the current program of . Hier geht es zum aktuellen Programm von Berlin Berlin or oder The Hague Den Haag .
Stay tuned!
Learn more about Serverless
Architecture Conference 2020

Behind the Tracks

Software Architecture & Design
Software innovation & more
Architecture structure & more
Agile & Communication
Methodologies & more
Emerging Technologies
Everything about the latest technologies
DevOps & Continuous Delivery
Delivery Pipelines, Testing & more
Cloud & Modern Infrastructure
Everything about new tools and platforms
Big Data & Machine Learning
Saving, processing & more