API Security Top 10 Vulnerabilities

Video description: API Security Top 10 Vulnerabilities

As software crafters, our responsibility spans more than just shipping working, maintainable software and automated tests. The applications we build must be secured, observable, and reliable. Tools can assist us up to a point, but from there on it's up to the design decisions we take to avoid common pitfalls as early as possible in the development cycle.

In this presentation, we will walk through the top 10 most common security vulnerabilities when developing REST APIs, similar to the classic OWASP Top 10 that many of you might be familiar with.

Vulnerabilities we'll discuss:
Broken Object Level Authorization
Broken User Authentication
Excessive Data Exposure
Lack of Resources & Rate Limiting
Broken Function Level Authorization
Mass Assignment
Security Misconfiguration
Injection
Improper Assets Management
Insufficient Logging & Monitoring

The passionate participant is encouraged to read in advance about the topics we'll cover at https://owasp.org/www-project-api-sec...

The discussion will include some brief code examples in Java, but speakers of any programming language are welcome, as always. If you are interested in the full story, check out my 2-day Secure Coding workshop in my training offer http://victorrentea.ro/training-offer/

Let's hack our way to better software engineers together!

👩🏻‍💻👨‍💻

About the speaker:

Victor Rentea is a Java Champion, Consultant, and Trainer writing code since 2006. His passion is Refactoring, Simple Design, and Unit Testing, about which he regularly talks at top conferences, but also to the Bucharest Software Craftsmanship Community that he founded. On victorrentea.ro you can find his blog, a selection of his best talks, his training offer, live masterclasses, and social channels.
