APIs are foundational building blocks for many enterprise and mobile applications. Whether it is REST/JSON or traditional web services, having a great API is a great start toward a successful project. When building APIs, it is often nice to think that they do not have the visibility or attack surface that a traditional web app might have. Do authentication correctly and you’re done, right? Wrong. This talk will present a number of ways of looking at an example API and identify and exploit common weaknesses in the design and implementation. The takeaways will be concrete actions developers can take when building APIs to improve their security.
Matt Konda Bio:
I am a veteran agile software developer with a focus on security. My mission is to empower developers to build code more securely through training, secure agile process adoption (Security in SDLC) and technical solutions. I started Jemurai to work toward this mission.
I have experience as a Director of Engineering at a large security software company, where I ran multiple project teams concurrently and was responsible for architecture, agile project management, and both operational and technical delivery. I also have experience as a software architect consultant and with managing teams of consultants delivering products to Fortune 500 companies.
Overall, I have 15+ years of experience building robust software solutions with Java, Ruby, big data and analytics platforms. I have significant industry speaking experience, including Security BSides, AppSecUSA, Defcon Skytalks, Secure360, OWASP chapter events in Chicago and Minneapolis St. Paul, Chicago Ruby and WindyCityRails.