PNSQC August Meetup - An introduction to API security testing
8/21/2024
12:00 PM - 1:30 PM PST


Location: Online, Portland, OR





Event Description

Are you sure your APIs are secure?

The enormous rise in the use of APIs to exchange data between systems has introduced a popular new attack vector for people with malicious intent. Therefore, to prevent ending up in the news, it's probably a good idea to make sure that your APIs are not vulnerable to common API security weaknesses and exploits. The good news is that API security testing does not have to be hard or time-consuming, and it is not something only people with deep and specialist knowledge can do.

In this session, you will learn how to get started with testing the security of your APIs using common and popular tools and libraries like Postman and REST Assured, and with the 2023 OWASP API security top 10 as our guideline. And because seeing is believing, I will run a number of API security testing experiments and talk you through my thought process and interpretation of the results, so you can replay these experiments against your own APIs right away.

Bas Dijkstra is an independent test automation consultant and trainer. He:

  • has been in the test automation field for some 17 years now, and has worked on software testing and automation solutions across a wide range of programming languages, frameworks and technology stacks.
  • has delivered test automation training to dozens of companies and hundreds of conference attendees in the Netherlands as well as abroad.
  • is the developer of RestAssured.Net, a library that is meant to make writing tests for HTTP APIs in C# a breeze.

He lives in Amersfoort, The Netherlands, with his wife and two sons. When not at work, he likes to go outside for long bike rides, or to sit down and read a good book.

NOTE: This meetup will be online only.