API Security

API Security

API's are a dream for developers, but make sure they don't become a nightmare for your corporate security !

12 October 2021 (13h30-18h CEST)
Location: Live Online Event (@YOUR DIGITAL WORKPLACE)
Presented in English by Erwin Geirnaert
Price: 420 EUR (excl. 21% VAT)
Register Now »

This event is history, please check out the NEXT SESSION

Check out our related in-house workshops:

 Learning Objectives

Why do we organise this workshop ?

This new workshop is intended to provide participants with the necessary insights into securing APIs of critical applications.

More and more APIs are used in critical applications:

  • between the browser and the web server when using Angular/React/... through JSON
  • for communication between Internet of Things devices and the management platform
  • to exchange information between banks according to the PSD2 obligation
  • to enable Single-Sign-On and Social Logon by OAuth and OpenID connect
  • mobile apps that retrieve sensitive information from back-end APIs
  • infrastructure management such as Amazon Web Services
  • setting up containers using Kubernetes and the associated APIs
  • ...
  Schrijf in voor beide seminars met Erwin Geirnaert:

Register NOW for this seminar AND for the practical seminar on Ransomware, together for only 720 EUR (+ VAT).

What will you learn during this workshop ?

In this workshop we want to zoom in very pragmatically on the various vulnerabilities related to this and how we can limit the risks as much as possible and map attack attempts.

Who should attend this workshop ?

This workshop is aimed at developers and architects of applications in which APIs are used.

This is a live online-only training, where we try to simulate the interaction and group feeling of an onsite meeting. We ask for your cooperation by turning on your camera and participating via the interactive chat, raising your hand, interrupting the speaker to ask questions, exchanging ideas via a whiteboard, etc. In this way, we can create as much, often even more, value for the participants. This is not going to be a boring webinar where Erwin shows slides and reads a text, on the contrary ...

 Full Programme

  Schrijf in voor beide seminars met Erwin Geirnaert:

Register NOW for this seminar AND for the practical seminar on Ransomware, together for only 720 EUR (+ VAT).

13.15h - 13.30h
Welcome in a Waiting Room + Introduction
Start Live Online Meeting (we divide the afternoon into 3 blocks of 75 minutes + 2 breaks of max. 15 minutes)
Vulnerabilities in web APIs (REST, GraphQL & SOAP) using the OWASP API Security Project
Security best practices for web APIs: how can we now implement the necessary security measures to have sufficient assurances in terms of confidentiality, integrity and availability of the APIs
Techniques and tools for secure architecture, continuous testing and attacks of APIs and microservices
Discussing the new security features such as Content Security Policies, HSTS, JWT, OAuth2, OpenID Connect, ... that are needed to secure authentication tokens, session cookies, access keys, tickets, ... needed for secure authentication and authorization
Secure design of an API architecture: drawing up a security architecture, secure deployment in the CI/CD, continuous monitoring of vulnerabilities and attacks, ...
End of this workshop


Erwin Geirnaert (Shift Left Security)
Shift Left Security

Erwin Geirnaert Co-founder and Chief Application Security Architect at Shift Left Security, a start-up that helps companies to build, develop and operate secure applications running in Amazon Web Services, Microsoft Azure and Google Cloud Platform. We provide solutions to continuously monitor the overall security posture of your application, provide assistance on how to solve and mitigate vulnerabilities and help to become compliant.

Erwin is the former Co-founder and Chief Hacking Officer at ZIONSECURITY, the European application security company.

Erwin is a specialist in J2EE security, .NET security, API Security and web services security. He has more than 20 years experience in executing security tests aka penetration testing of web applications, mobile apps, APIs and thick client applications. He also architects secure e-business projects for banks, web agencies and software companies, and is a recognized application security expert and speaker at international events like Javapolis, LSEC, OWASP, Eurostar, Infosecurity, ...

Questions about this ? Interested but you can't attend ? Send us an email !