techorama, deep knowledge IT conference
Oct 07 - 09 | 2024 Utrecht Netherlands

Bulletproof APIs: Hands-On API Security

Monday 07 October

09:00 - 17:00

Philippe De Ryck

As APIs become a big part of our tech world, making sure they're secure is key. The 2023 version of the OWASP API Security top 10 shows us that API security needs our attention. Building secure APIs isn't easy, though. It needs developers and architects to really get API security, from the big picture down to the nitty-gritty details.

This workshop is here to give you the skills you need to make your APIs secure. We're going to think like an attacker to test APIs and like a defender to figure out the best ways to protect them. With deep-dive talks, real-world demos, fun quizzes, and hands-on labs, you'll learn how to lock down your APIs.

During this hands-on training, we'll explore:
- The security model of API-based web applications
- Recognizing and addressing authorization failures
- Understanding Broken Object Property Level Authorization (BOPLA)
- Fixing Broken Object Level Authorization (BOLA)
- Testing the security of APIs that use JWTs
- Best practices for making JWTs secure in modern APIs
- Identifying, exploiting, and fixing Server-Side Request Forgery (SSRF) issues
- Quizzes and labs to make learning stick
- Q & A throughout the workshop to clear up any doubts

This workshop is about more than theory. We're all about giving you practical security tips you can use right away as an API developer. We dig into the root causes of API threats and how to handle them. We don't just skim the surface of problems and solutions - we get into the whys and hows, looking at common fixes, why some fall short, and which ones are currently the best way to go.


By the end of this workshop, you'll be up to speed on the best practices for API security. You'll also leave with a handy list of steps to check and boost the security of your applications.

Prerequisites: laptop + modern web browser.

Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide. His online course platform allows anyone to learn complex security topics at their own pace. Philippe is a Google Developer Expert and an Auth0 Ambassador for his community contributions on the security of web applications and APIs.