Hacking (and Defending!) APIs

OVERVIEW

APIs are a leading attack vector that often get pushed into production without proper security testing. In this presentation we will provide an overview of the OWASP API Security Top 10 vulnerabilities from an adversarial perspective. Then we will discuss how vulnerability management programs often use the wrong tools to test APIs and how to build an effective API security stack.