[Mountain View, CA] 2025-01-16 - Pacific Hackers & OWASP January Meetup
Details
NOTE: Host (Hacker Dojo) requires the attendees' full name and email address to pre-register. Kindly use the below link to register:
Happy New Year! We're thrilled to announce our upcoming workshop: "Exploiting OWASP API Top-10 Vulnerabilities in Action: A Juice Shop Adventure."
This meetup is in partnership with the OWASP Bay Area Chapter
A big thank you to Appsentinels, a Full Life-cycle API Security Platform, for sponsoring this meetup.
5:30-6 PM: Food, Drinks, and Networking.
6-8 PM: Workshop
Agenda:
1. Introduction (10 minutes)
2. Juice Shop Setup & Overview (10 minutes)
3. Hands-on guided exercise: Exploiting OWASP API Top-10 (90 minutes)
   1. Broken Object Level Authorization (BOLA)
   2. Broken Authentication
   3. Broken Object Property Level Authorization (BOPLA)
   4. Unrestricted Resource Consumption
   5. Broken Function Level Authorization (BFLA)
   6. Unrestricted Access to Sensitive Business Flows
   7. Server-Side Request Forgery (SSRF)
   8. Security Misconfiguration
   9. Improper Inventory Management
   10. Unsafe Consumption of APIs
4. Mitigations & Best Practices (30 minutes)
   - Discussing mitigation strategies
5. Wrap-up (15 minutes)
Note:
- Hands-on activities will be the core focus of this workshop
- Participants are required to bring their own laptops
By the end of this workshop, participants will have a better understanding of OWASP API Top-10 vulnerabilities and the ability to identify and mitigate these risks in real-world applications.