
Matt Konda Presents Secure API Development


APIs are foundational building blocks for many enterprise and mobile applications. Whether it is REST/JSON or traditional web services, having a great API is a great start toward a successful project. When building APIs, it is tempting to think that they do not have the visibility or attack surface that a traditional web app might have. Do authentication correctly and you're done, right? Wrong. This talk will present a number of ways of looking at an example API and identify and exploit common weaknesses in the design and implementation. The takeaways will be concrete actions developers can take when building APIs to improve their security.

Matt Konda Bio:
I am a veteran agile software developer with a focus on security. My mission is to empower developers to build code more securely through training, secure agile process adoption (Security in SDLC) and technical solutions. I started Jemurai to work toward this mission.

I have experience as a Director of Engineering at a large security software company, where I ran multiple project teams concurrently and was responsible for architecture, agile project management, and both operational and technical delivery. I also have experience as a software architect consultant and with managing teams of consultants delivering products to Fortune 500 companies.

Overall, I have 15+ years of experience building robust software solutions with Java, Ruby, big data and analytics platforms. I have significant industry speaking experience, including Security BSides, AppSecUSA, Defcon Skytalks, Secure360, OWASP chapter events in Chicago and Minneapolis St. Paul, Chicago Ruby and WindyCityRails.


  • Matt K.

    This was an interesting write-up of several low severity vulnerabilities chained together to create a problem for GitHub:

    Also points to potential problems with OAuth when not configured properly.

    1 · February 11, 2014

  • Mike G.

    I very much enjoyed this meetup and agree with Roger's comment on it being an eye opener. I was able to bring lots of useful information back to the team I work on. I think the Peapod office was a very cool office, but to make it better for viewers, we should gather around the presenter rather than sit at the desks.

    January 23, 2014

  • Roger T.

    An eye opener for me. I took away a few things to think about. Where do we set "the bar", and that as much as I might think that no one might want to abuse my API, someone WILL probably eventually try to abuse my API. As a side note, I was not a huge fan of the PeaPod space for a presentation. Although there were plenty of monitors to view the presentation, I, and I think many others, had an obstructed view of Matt.

    January 22, 2014

  • Matt K.

    Thanks to everyone for your comments and for coming. Here are the slides:

    Don't hesitate to reach out for follow up or with any questions!

    1 · January 22, 2014

  • Justin N.

    I will certainly seek Matt out at any conference I attend. I love Matt's deep knowledge and humble delivery. He is clearly a person who knows a lot, and as he said has a very wide breadth of knowledge. My suggestion would be to have this talk broken out into two different sessions, one around pen testing tools and information and another around strictly "Best Practices" for creating secure APIs. This would allow him to go into some more specifics around implementations he's seen done well and others that have seemingly "looked good" but didn't actually hold up in the real world. He discussed a little bit about some of these, but I think having a specific talk dedicated to each would give the topic its due justice.

    January 22, 2014

  • Mike K.

    Great talk. Not sure if I'm going to be able to sleep tonight after what I have just learned. But the consolation prize is that I have a bunch of new geek tools to run against our system.

    January 21, 2014

  • Yanina B.

    Interesting topic!

    January 21, 2014

  • swapnil

    Not able to make it

    January 21, 2014

  • Aaron R.

    Sorry I can't make it, too much lake effect snow in Indiana :(

    January 21, 2014

  • Deborah C.

    Guest: Rob Wisniewski

    January 16, 2014
