A Night of OpenAPI Security and Internet Device Search
Details
Welcome to the first OWASP Copenhagen meetup after the (long) summer break!
We will be talking on API security and Internet device search whilst enjoying pizza and drinks as usual. On top of that there will be a big bag of stickers for you to go through and take what you want. If you have spare stickers yourself please bring them and throw them in the pile. Most are from this year's Hacker Summer Camp. There'll also be a couple of magazines from Black Hills Infosec.
The talk on API Security is by Andrei Agape. Here's a short synopsis and speaker bio:
This presentation will share key findings from analyzing the OpenAPI standard and 100,000 publicly available API documentations. The aim of this research is to uncover vulnerabilities that can be detected by analyzing the documentation and how testing techniques can be improved based on these results. Attendees will gain insights into how these discoveries can enhance API pentesting methodologies, streamline vulnerability detection, and improve overall security practices.
Andrei is a Pentester and Offensive Security Specialist with a passion for web and API research as he likes finding ingenious ways to chain and exploit vulnerabilities that otherwise seem benign.
The talk on Internet Device Search is by Jonathan Andersen. Here's a short synopsis and speaker bio:
This talk will cover the importance of being able to understand and quickly make sense of internet traffic as a crucial first step in identifying, investigating, and preventing many web-based attacks.
The talk introduces the attendees to powerful and freely available tools and techniques to make sense of large amounts of IP addresses, domain names, and other web artifacts in bulk. It will focus on Webscout, an internet device search and enrichment engine made in Denmark.
The talk will also show how Webscout can be used to passively and stealthily uncover web attack surfaces on a large scale, benefiting attendees in both application defense and offensive bug bounty hunting.
After the talk, members of the audience will be equipped to understand and make informed decisions about internet traffic against their internet-facing web applications. They will be able to answer key forensic questions, such as: Is an IP address used by a popular VPN provider? Is it part of the Tor network? Does it act as a proxy or internet-wide scanner/crawler? Has it been reported anywhere else on the web, such as in popular threat feeds, forums, or MISPs?
Jonathan is the co-founder and CEO of Webscout.io, a data platform focused on providing intelligence on internet devices and services at scale. He has a strong interest in cyber threat intelligence and has been working as an analyst at the Danish Ministry of Defense since 2019.
Agenda
18.00 Welcome
18.05 Andrei Agape: A Deep dive into OpenAPI Security
18.50 Pizza time
19.30 Jonathan Andersen: Untangling the web: Making sense of (traffic from) internet appliances at scale

