Hacking Web APIs
Details
This meeting will be in-person! Thank you to Kroger for hosting at their Kroger Blue Ash Technology Center.
This talk will feature live demos of Web API exploits against the “Tiredful API”, an intentionally broken web app. The objective is to teach developers, QA, and security professionals about flaws that are often present in web services (REST APIs) due to insecure coding practices. Examples include Information Disclosure, Insecure Direct Object Reference (IDOR), Access Control, Throttling, SQL Injection, and Cross-Site Scripting (XSS). Many of these vulnerabilities appear in the OWASP Top 10 list. The talk also features additional tips alongside the live demos.
Approximate schedule:
4:00 - Doors open. Come for networking and refreshments.
4:15 - Presentation begins.
5:15 - Networking and refreshments resume!
6:00 - EOE (End of Event)