In this talk, I'll walk you through—with live demos, examples, and war stories—what you need to know to defend and attack modern API-based web applications. I will demonstrate how an API-based application is different and how it's the same as the traditional web applications you know and love. We'll also learn about modern tools that can make testing easier and how critical it is to think through all the different security controls at your disposal to mitigate the plethora of threats out there.
Join us as we dive into these questions and discuss:
• How did we get here?
• What's changed from traditional web applications, to SOAP, to modern JSON-based SPA web apps?
• An architectural mental model to understand these threats
• New attacks against Web APIs
• New defenses against modern threats
Generously supported by:
Joe Basirico is responsible for leading the Professional Services business at Security Innovation and the development team for Security Innovation’s CyberRange CMD+CTRL. He leverages his unique experience as a development lead, trainer, researcher, and test engineer to direct these teams in the delivery of high-quality, impactful risk and software assessment and remediation solutions to the company’s customers. His ability to blend deep technical skills with risk-based business and compliance analysis are a powerful combination. |
Questions? Have an idea for a topic? Interested in sponsoring our web programs?