OWASP Stammtisch: Common API security pitfalls by Philippe De Ryck


Hi all,

The next talk will be in English. Again, I am sorry that Jim Manico couldn't make it. Fortunately, we have a perfect replacement for him: (Dr.) Philippe De Ryck from Belgium. The only catch is we can't bribe him with German beer, as the Belgian beer is way better than the Hawaiian... ;-)

The shift towards an API landscape indicates a significant evolution in the way we build applications. The rise of JavaScript and mobile applications has sparked an explosion of easily accessible REST APIs. But how do you protect access to your API? Which security aspects are no longer relevant? Which security features are an absolute must-have, and which additional security measures do you need to take into account?

These are hard questions, as evidenced by the deployment of numerous insecure APIs. Attend this session to find out about common API security pitfalls that often result in compromised user accounts and unauthorized access to your data. We expose the problem that lies at the root of each of these pitfalls and offer actionable advice to address these security problems. After this session, you will know how to assess the security of your APIs and the best practices to improve them for the future.

Philippe De Ryck is the founder of the SecAppDev conference, which celebrates its 15th anniversary. He also founded Pragmatic Web Security, through which he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.

OWASP Stammtisch in General
Our meeting is about web applications and their (in)security and/or about IT security in general. People come together who care about IT security as a hobby or in their job: developers, managers, pentesters and everybody else who's interested in it. The atmosphere is open and relaxed. If you're coming to sell products or your services: move on, this is not the right place. OWASP is about education and sharing (mostly) technical information.
Feel free to forward our meetup information to colleagues or friends. They are welcome, too. Participation is free and open -- as the O in OWASP.

Please make sure that your RSVP holds up to its promise, as our host is planning drinks and probably food. Also, space is limited: the room is not infinite but has boundaries.

Cheers, Dirk