API Security 101: Tools, Tips and Tricks | Pen Test HackFest Summit 2021

Published: 13 January 2022
on channel: SANS Offensive Operations

APIs have become the de facto standard in software development all over the world. Every organization is creating and publishing its own APIs, even banks and e-commerce sites. They are developed when organizations want to share their services without exposing sensitive information like their database structure. But what about the security of those services? Are they well protected? Even RSAC, one of the most significant information security conferences globally, had an API vulnerability in their mobile app that leaked some users' first and last names in 2018. In this talk, we'll show a few basic steps that you can take today to start looking for vulnerabilities in APIs. From the level of exposure, through the ability to change data, to information sensitivity, there are different things you can check and look for when testing an API. We'll demonstrate some not-so-standard tools for testing APIs and some common vulnerabilities you can find by using them.

Presenter: Magno Logan, Information Security Specialist, Trend Micro
https://www.sans.org/profiles/magno-l...

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE

