
Common API Security Pitfalls

Philippe De Ryck | GOTO Amsterdam 2019


The shift towards an API landscape indicates a significant evolution in the way we build applications. The rise of JavaScript and mobile applications has sparked an explosion of easily accessible REST APIs. But how do you protect access to your API? Which security aspects are no longer relevant? Which security features are an absolute must-have, and which additional security measures do you need to take into account?

These are hard questions, as evidenced by the deployment of numerous insecure APIs. Attend this session to find out about common API security pitfalls that often result in compromised user accounts and unauthorized access to your data. We expose the problem that lies at the root of each of these pitfalls, and offer actionable advice to address these security problems. After this session, you will know how to assess the security of your APIs, and the best practices to improve them towards the future.

**What will the audience learn from this talk?**
An overview of security pitfalls in APIs, how to detect them, and how to avoid them.

**Does it feature code examples and/or live coding?**
No. The slides do have examples, but no in-depth code examples.

**Prerequisite attendee experience level:**
[Level 300](https://gotoams.nl/2019/pages/experience-level)



About the speakers

Philippe De Ryck


Web Security Expert, Founder of Pragmatic Web Security