Name: Hands-on walkthrough of API Security & Automated Testing for Complex API
Start: 2023-05-10T19:00:00+08:00
End: 2023-05-10T21:00:00+08:00
Location: Akamai Technologies

Ashwath (co-author of ATOR Burp Plugin) and Avneesh (employee of Akto) will be doing a hands-on walkthrough of API security and talk about automating testing for complex API scenarios. They will cover the following topics:

1\. What is API Security
2\. Why is it important?
3\. Why do BB hunters find more bugs than appsec/internal folks?
4\. Common problems with API Security
5\. Automated tools that are in the market:
a. Burp native scanning
b. Burp plugins - ATOR
c. Akto open source
6\. Running ATOR against some basic scenarios \- Demo & Hands on
7\. Running Akto against a test setup \- Demo & Hands on
8\. Q&A
9\. Wrap\-up

ATOR - [ATOR Github](https://github.com/PortSwigger/ator)
Akto - [Akto Homepage](https://www.akto.io/)

**Target Audience:** Appsec engineers, Developers who work on APIs, Bug Bounty Hunters

**What will they gain at end of session**:
1\. Why is API security important?
2\. How do misconfigurations happen?
3\. How to build an inventory of APIs?
4\. How to automate testing for complex scenarios \(chained login\, multi\-step API request etc\.\)

Wong Onn Chee

Cecil Su

OWASP Singapore Chapter

OWASP® Foundation 

Technology

Web Security

OWASP

Information Security

Application Security

Software Security

Computer Security

Cybersecurity

Web Application Security

Ashwath currently works as a Principal Engineer at Razorpay. He has previously worked at Synopsys and Microsoft Corp. His interests are in Cloud Security, Red teaming, Application security (Web Applications) and Threat Modeling. He has released plugins for Burp to handle complex authentication mechanisms . He has presented at Rootconf, FS-Isac, Nullcon, Cocon, Bright Talk, 50p (HasGeek) and technical conferences conducted by SAP, IAF, Infosys, NetApp amongst others.

Avneesh started as the first employee at akto.io (an API security company). His interests lie in the area of API security, understanding misconfigurations in API setup and variants of API architectures like GraphQL, JSONP, gRPC. While working on the tool, he has shared his experiences in multiple forums such as Accel CTO & CISO summit.

Ashwath & Avneesh

Hands-on walkthrough of API Security & Automated Testing for Complex API

Akamai Technologies

Share

OWASP Singapore Chapter

Hands-on walkthrough of API Security & Automated Testing for Complex API

OWASP Singapore Chapter

Details

Members are also interested in