What we're about

OWASP Sydney Chapter, free to join, open to all. We meet to discuss & demonstrate web and browser-based vulnerabilities, tools & solutions. More information about the OWASP Sydney Chapter can be found at https://www.owasp.org/index.php/sydney.

Upcoming events (2)

OWASP Sydney Fight Club - Feb meet

Online event

Welcome back to OWASP Sydney’s Fight Club!

Join us once a month in our fc-announcements Discord channel (https://discord.com/invite/uAWze2B) where we come together to break into machines, go head to head in Hack The Box’s (HTB) battlegrounds, and dive down rabbit holes!

To participate in the event, please ensure you know the basics of HTB, e.g. how to connect to the VPN, and have a valid account set up and ready to go.

There is no set agenda for the night. We might form teams and compete, or we might all go on a solo mission - the aim is to train up your skills alongside other members of the community and have a good time!

Sydney OWASP Night - Zero Trust Model - A Swiss Knife for API Risk Management

96% of these web applications contain open source material and 99% of open source contains web APIs. In fact, web APIs contribute 83% of the traffic over the internet. This growing API usage also means growing cybersecurity risks.

In this session, Dr Baljeet Malhotra will provide an overview of an API Governance framework for effective API Risk Management. This framework is inspired by the Zero Trust model that enterprises can use as a “Swiss Knife” for reducing their API-related risks. He’ll also highlight best practices and hands-on examples for API Risk Management.

APIs benefit organizations immensely through accelerated innovations, newer business models, and competitive differentiation, but their weak security posture leads to business disruptions, legal and compliance issues. Gartner has actually predicted that by 2022, API abuses will be the most frequent attack vector resulting in data breaches for web applications.

Given the importance of APIs for digital transformation at organizations, it is imperative for their Security, Compliance and Audit professionals to get a handle on APIs to manage various API-related risks.

Dr Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API Data Management. He conceptualized the world's first "API Composition Analysis" based on source code static analysis. He currently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC.
