Topic: API Security in Depth
The OWASP API Security Project was designed to address the ever-increasing number of organisations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would help make them secure from an attack.
This project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. The project addresses modern threats to API-based applications: traditional vulnerabilities like SQLi and XSS are becoming less common in APIs, while there has been an increase in vulnerabilities that are either specific to APIs or present a more significant risk, and many developers are unaware of them.
The presentation will cover the following:
- The biggest challenge in APIs: authorization
- OWASP top 10 for APIs, including examples
- Tools for security engineers to pentest APIs
- Tips for developers on how to develop more secure APIs
Participants will have the opportunity at the end of the session to ask questions of the speaker via the Q&A tool.
Speaker: Erez Yalon, Director of Security Research at Checkmarx
Erez Yalon heads the security research group at Checkmarx. With vast defender and attacker experience and as an independent security researcher, he brings invaluable knowledge and skills to the table. Erez is responsible for maintaining Checkmarx’s top-notch vulnerability detection technology, where his previous development experience with a variety of coding languages comes into play.
This webinar is free and only available to AISA Members. Please click here to register online.
Non AISA Members: If you would like to become an AISA member, you can join here.
For any queries regarding this event, please contact AISA Event & Sponsorship Manager, Susanna Palermo via email firstname.lastname@example.org or visit our website www.aisa.org.au
- 3:00pm - 4:00pm AEST (Brisbane, Canberra, Hobart, Melbourne & Sydney)
- 2:30pm - 3:30pm ACST (Adelaide & Darwin)
- 1:00pm - 2:00pm AWST (Perth)
Participate in the webinar:
- Once you have registered, you will receive a confirmation email with the webinar registration link. Use this link and ensure you log on to the webinar at least 10 minutes prior to the start time
- You will require a strong and stable internet connection
- It is recommended you use a headset or headphones so you can hear the presentation
- A recording of the live session will be available for registrants after the event
AISA has evaluated the use of Zoom based on the Traffic Light Protocol, which was created to facilitate greater information sharing. AISA webinars are considered TLP White as the information contains minimal or no foreseeable risk of misuse. In addition, AISA has evaluated the use of Zoom for this purpose as aligned to ACSC Web Conferencing Security, April 2020 (see https://www.cyber.gov.au/publications/web-conferencing-security) and has implemented controls to minimise risks. You are required to register for the webinar via the Zoom