Overview
Explore common API security pitfalls and best practices in this 53-minute conference talk by Philippe De Ryck. Delve into the evolution of API landscapes and the challenges of protecting access to REST APIs in JavaScript and mobile applications. Learn about crucial security features, potential vulnerabilities, and actionable advice to address security problems. Discover how to assess API security, implement best practices, and improve future implementations. Cover topics such as underprotected APIs, over-exposed data, authorization failures, client-side session data mishandling, JWT key management issues, and the importance of compartmentalization. Gain valuable insights to enhance the security of your APIs and prevent unauthorized access to user accounts and sensitive data.
Syllabus
Intro
A10 Underprotected APIs
OVER-EXPOSING API DATA
LACK OF PROPER AUTHORIZATION
FAILURE TO AUDIT THE AUTHORIZATION POLICY
MISHANDLING CLIENT-SIDE SESSION DATA
MISTAKING JWTS FOR SESSIONS
LACK OF PROPER JWT KEY MANAGEMENT
Cookie: ID=42
UNDERESTIMATING THE IMPACT OF SESSION TRANSPORT
FAILURE TO COMPARTMENTALIZE
Taught by
NDC Conferences