Hands on API Security Workshop: Integrating API Security Checks into the CI/CD Pipeline

Hello AppSec teams and tech enthusiasts! We're thrilled to roll out an exceptional DevSecOps workshop in collaboration with OWASP LA and offered by Akto. This workshop will equip participants with the knowledge and hands-on skills to integrate API Security Testing into their GitHub DevSecOps pipelines, using the OWASP API Security Top 10.

## Pre-requisites:

· A GitHub account.
· Basic understanding of application security.
· Attendees are required to bring their laptops with internet connectivity.

## Agenda:

### Introduction (15 minutes)

  1. The DevSecOps paradigm and its importance.
  2. Understanding GitHub Actions.
  3. The relevance of API Security testing in the CI/CD pipeline.

### Overview of GitHub Actions for CI/CD (10 minutes)

  1. Basic components: workflows, runners, actions.
  2. Demonstration: A simple CI pipeline with GitHub Actions.

### Hands-on: Integrating API Security testing with GitHub Actions (60 minutes)

  1. Introduction to API Security Testing.
  2. Overview of OWASP Top 10 for API Security.
  3. Hands-on activity:
    a) Setting up a test environment (ideally a deployed version of the app)
    b) Configuring the API Security tool to scan the deployed application
    c) Writing a GitHub Actions workflow to trigger API Security scans post-deployment
    d) Analyzing and responding to API Security findings within GitHub

## What's in it for Participants?

  1. Skill Enhancement: Mastery of integrating API Security checks within the popular GitHub Actions CI/CD framework.
  2. Hands-on Experience: Directly apply workshop teachings to real-world scenarios.
  3. Collaboration: Network and collaborate with peers facing similar challenges.

Food and drinks will be provided, and free 90-minute parking is available across the street.

CODE OF CONDUCT
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or concerns or would like to speak to us; we take these matters very seriously. You can find out more about our policies here:
https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy

Events in Santa Monica, CA