
Hands-on walkthrough of API Security & Automated Testing for Complex API

Hosted By
Wong Onn C. and Cecil S.
Details

Ashwath (co-author of the ATOR Burp plugin) and Avneesh (an employee of Akto) will give a hands-on walkthrough of API security and talk about automating testing for complex API scenarios. They will cover the following topics:

1. What is API Security?
2. Why is it important?
3. Why do bug bounty (BB) hunters find more bugs than appsec/internal folks?
4. Common problems with API Security
5. Automated tools that are in the market:
   a. Burp native scanning
   b. Burp plugins - ATOR
   c. Akto open source
6. Running ATOR against some basic scenarios - Demo & Hands on
7. Running Akto against a test setup - Demo & Hands on
8. Q&A
9. Wrap-up

ATOR - ATOR Github
Akto - Akto Homepage

Target Audience: Appsec engineers, Developers who work on APIs, Bug Bounty Hunters

What attendees will gain by the end of the session:
1. Why is API security important?
2. How do misconfigurations happen?
3. How to build an inventory of APIs?
4. How to automate testing for complex scenarios (chained login, multi-step API requests, etc.)

OWASP Singapore Chapter
Akamai Technologies
Tower 2 · Singapore