API World -- PRO Stage 1 - Hopin 4

Join on Hopin

Tuesday, October 27, 2020

PRO WORKSHOP (API): API’s Dark Side: Addressing AppSec’s Biggest Challenge
Erez Yalon
Erez Yalon
Checkmarx, Director of Security Research

While APIs have clear and obvious benefits, they’re also creating a rapidly-growing attack surface that isn’t widely understood and is sometimes completely overlooked by developers and software architects. With recent reports suggesting that by 2022, API abuses will be the most responsible vector for data breaches within enterprise web applications, securing them is a top challenge and must be a bigger priority.

The first step in accomplishing this goal is generating awareness around the most critical API-related vulnerabilities and ways of protecting these programs.

This significant gap in knowledge drove me to spearhead the development of the OWASP API Security Top 10 list, which was officially published at the end of 2019, to inform organizations, developers, and security professionals about the top issues impacting API-based applications. Since deploying, it has been adopted as the de-facto standard by many organizations and security specialists.

In this talk, I'll emphasize the uniqueness of API-centric design from the security angle, highlight the risks presented by API use, and show why an increased level of awareness is required to mitigate the risks. From there, I'll dive into the top security risks presented in the OWASP API Top 10 list, and provide example attack scenarios for each. Finally, I will share what we can expect to see when it comes to API exploitation moving forward as modern software is increasingly targeted by adversaries