Explore the potential security risks of webhooks in this 26-minute conference talk from OWASP Global AppSec Tel Aviv. Delve into how the open-ended nature of webhook integrations can lead API developers to inadvertently expose sensitive data beyond intended boundaries, potentially resulting in network compromises. Examine real-world examples of vulnerable applications and learn about the researchers' experiences with discovering and responsibly disclosing webhook-related vulnerabilities. Gain insights into how webhook development tools are being exploited in the wild and discover practical preventive measures to mitigate these threats. Learn about a new toolkit designed to help audit organizational webhook exposure. Presented by Tomer Zait, Principal Security Researcher at F5, and Maxim Zavodchik, Security Research Manager at F5 Networks, this talk offers valuable knowledge for anyone involved in API development or cybersecurity.
Overview
Syllabus
Webhooks Hookups Abusing API Developers TOMER ZAIT & MAXIM ZAVODCHIK
Taught by
OWASP Foundation
Related Courses
-
Specialized Testing: API Testing
-
Hook, Line and Sinker - Pillaging API Webhooks
-
Using API Specifications to Attack APIs
-
Security Is Key - The Vulnerabilities of API Security
-
vAPI: Vulnerable Adversely Programmed Interface - OWASP API Top 10
-
API Security Testing with Noname Security - Overview and Live Demo
