[FREE] Online Mini API Security Hands-On Workshop
Details
OWASP Singapore Chapter, together with Practical DevSecOps, is hosting a free Mini API Security Hands-On Workshop focused on real world API security testing and defense.
This is a 90-minute live, hands-on workshop designed for developers, security engineers, and anyone interested in understanding how API vulnerabilities are discovered and mitigated in practice.
Event Details
- Date: 29 January 2026
- Time: 8:00 PM SGT onwards
- Mode: Online
- Access: Workshop links will be shared with registered participants
### Workshop Overview
This session is entirely hands-on. There are no slides. Learning happens through whiteboard explanations, live demonstrations, and guided exercises in a controlled lab environment that participants can practice along with.
The workshop provides practical exposure to API security from both an attacker and defender perspective, using industry standard tools and realistic scenarios.
### What you will learn
- Work directly with APIs to understand common security flaws and defenses
- API authentication mechanisms including HTTP Basic, API Keys, OAuth, and JWT
- Enumeration and exploitation techniques using tools such as FFUF
- Exploitation of critical API vulnerabilities including insecure deserialization and path traversal
- Defensive techniques using automated scanning tools
- Implementing security controls such as rate limiting
The session concludes with a focus on defensive API security, helping participants understand how to identify issues early and apply effective protections.
### Hands-On Lab Environment
All exercises are conducted in a dedicated Practical DevSecOps lab environment that runs entirely in the browser. It works smoothly on laptops, notebooks, and even iPads, with no additional software required.
### Who should attend
- Developers building or consuming APIs
- Security engineers and penetration testers
- DevSecOps practitioners
- Anyone looking to gain practical API security skills
Participants will leave the workshop with actionable, hands-on experience and skills they can immediately apply to secure APIs in real world environments.