API's are a dream for developers, but make sure they don't become a nightmare for your corporate security !
12 October 2021 (13h30-18h CEST)
Register Now »
Location: Live Online Event
(@YOUR DIGITAL WORKPLACE)
Presented in English
by Erwin Geirnaert
Price: 420 EUR
(excl. 21% VAT)
Why do we organise this workshop ?
This new workshop is intended to provide participants with the necessary insights into securing APIs of critical applications.
More and more APIs are used in critical applications:
- between the browser and the web server when using Angular/React/... through JSON
- for communication between Internet of Things devices and the management platform
- to exchange information between banks according to the PSD2 obligation
- to enable Single-Sign-On and Social Logon by OAuth and OpenID connect
- mobile apps that retrieve sensitive information from back-end APIs
- infrastructure management such as Amazon Web Services
- setting up containers using Kubernetes and the associated APIs
What will you learn during this workshop ?
In this workshop we want to zoom in very pragmatically on the various vulnerabilities related to this and how we can limit the risks as much as possible and map attack attempts.
Who should attend this workshop ?
This workshop is aimed at developers and architects of applications in which APIs are used.
This is a live online-only training, where we try to simulate the interaction and group feeling of an onsite meeting. We ask for your cooperation by turning on your camera and participating via the interactive chat, raising your hand, interrupting the speaker to ask questions, exchanging ideas via a whiteboard, etc. In this way, we can create as much, often even more, value for the participants. This is not going to be a boring webinar where Erwin shows slides and reads a text, on the contrary ...
13.15h - 13.30h
Welcome in a Waiting Room + Introduction
Start Live Online Meeting (we divide the afternoon into 3 blocks of 75 minutes + 2 breaks of max. 15 minutes)
Vulnerabilities in web APIs (REST, GraphQL & SOAP) using the OWASP API Security Project
Security best practices for web APIs: how can we now implement the necessary security measures to have sufficient assurances in terms of confidentiality, integrity and availability of the APIs
Techniques and tools for secure architecture, continuous testing and attacks of APIs and microservices
Discussing the new security features such as Content Security Policies, HSTS, JWT, OAuth2, OpenID Connect, ... that are needed to secure authentication tokens, session cookies, access keys, tickets, ... needed for secure authentication and authorization
Secure design of an API architecture: drawing up a security architecture, secure deployment in the CI/CD, continuous monitoring of vulnerabilities and attacks, ...
End of this workshop
Erwin Geirnaert Co-founder and Chief Application Security Architect at Shift Left Security, a start-up that helps companies to build, develop and operate secure applications running in Amazon Web Services, Microsoft Azure and Google Cloud Platform.
We provide solutions to continuously monitor the overall security posture of your application, provide assistance on how to solve and mitigate vulnerabilities and help to become compliant.
Erwin is the former Co-founder and Chief Hacking Officer at ZIONSECURITY, the European application security company.
Erwin is a specialist in J2EE security, .NET security, API Security and web services security. He has more than 20 years experience in executing security tests aka penetration testing of web applications, mobile apps, APIs and thick client applications. He also architects secure e-business projects for banks, web agencies and software companies, and is a recognized application security expert and speaker at international events like Javapolis, LSEC, OWASP, Eurostar, Infosecurity, ...
Check out these related open workshops:
Check out our related in-house workshops:
Questions about this ? Interested but you can't attend ? Send us an email !