Overview
Explore the intersection of API and application security in this 51-minute conference talk by Joe Schottman, a Security Analyst focused on R&D. Gain insights into the OWASP Top Ten Security Risks for APIs and web applications, understanding their commonalities and differences. Learn the fundamentals of APIs, including Web Services and GraphQL, before diving into a comprehensive analysis of various security risks. Discover detection methods and prevention strategies for vulnerabilities such as injection attacks, API weaknesses, and excessive data exposure. Conclude with valuable final thoughts on harmonizing security approaches across both domains to create a more robust defense against potential threats.
Syllabus
Intro
Five Questions
Agenda
Web Services
APIs
GraphQL
Top 10 List
Injection Attacks
API Weaknesses
Defenses
Insecurity
Excessive Debt
Final Thoughts
Taught by
OWASP Foundation