Practical API Security Workshop: Attack and Defense

Attack and Defense - Practical API Security Workshop

Think like a hacker

Recording available until December 1st

Attack and Defense

In this hands-on workshop, you will get to know vulnerabilities and how they can be exploited to break into an application through an API. A closer look at OWASP’s API Security Top 10 will provide you with details about some possible attacks and their prevention. You will learn to protect APIs against attacks using secure coding practices, software architecture, and security infrastructure like API gateways.

This practice-oriented workshop is not about compliance and papers. It’s about technology and methodology with lots of demonstrations and best practices.

API Attack and Defense

Learn to think like a hacker

APIs connect Single Page Applications on the Web with backend systems containing sensitive data. Companies are becoming platforms by exposing business functions as APIs. The ever-growing attack surface of APIs is opening backdoors into applications. IT security has just started to recognize APIs as a vector for attacks. To effectively protect APIs, it is important to understand potential attacks and what they target. In the workshop, you will learn how to think like a hacker and to apply several techniques to break into an application through an API. You will learn how to discover API-related security issues and vulnerabilities. We will discuss current best practices and strategies for improving API security.

Enhance your security

Almost every company was affected by the Log4j vulnerability at the end of last year. In the workshop, we will demonstrate the complete attack including the remote code execution through an API. You will learn how hackers use vulnerabilities and exploits like mass assignment, SQL injection, and broken user authentication to get access to resources through an API. This workshop is for IT security specialists, software architects, and developers who have to protect resources against threats posed by APIs. Learn how to apply secure coding practices, proper software architecture, and infrastructure to give hackers a hard time.

Tobias Polley

predic8

Tobias Polley is CEO, architect, consultant and trainer at predic8 in Bonn, Germany. He spends most of his time with developers and architects helping them to become more productive. To enable faster time-to-market, he helps leverage cloud technologies. Together with his customers, he architects, sets up and secures Kubernetes clusters, API gateways as well as CI/CD chains for cloud native applications. Tobias contributes to several open source projects. He maintains the open source API gateway Membrane Service Proxy which helps companies secure their applications.

Focusing on cloud infrastructure, his interest in distributed systems comes in handy. He is amazed by (in)effective security measures competing with bureaucracy and clearly favors one over the other.

Thomas Bayer

predic8

Thomas Bayer has worked as a development consultant for over 25 years. He cofounded predic8, a software consultancy located in Bonn, Germany, and is interested in APIs, microservices, and application integration. He developed and maintains open-source tools and libraries that are the foundation for several API products and services across the industry. In his spare time, he does yoga or takes photographs.


How do I get access?

This event is free to access. Just register an account and participate! devm.io/login

Users with Fullstack Access already have free access to the live event. Log in with your devmio account and select the live event in the menu under Events.

Get Fullstack Access and participate

The Fullstack Access is the package for every software professional. As a subscriber, you have full access to all the content on devmio.

  • 2+ live workshops every month included
  • Thousands of articles, series, ebooks and columns
  • Discounts for participation in conferences and training
  • Access to recordings of your conferences and training
  • Intelligent AI search engine AskFrank
  • Access everywhere - mobile, web and app
  • Step-by-Step video tutorials
Fullstack Access

$120 / year – save $24 –
get access for 12 months, pay for 10 months!

  • Interactive live events exclusively on the platform
  • Step-by-step tutorials about current topics
  • Thousands of articles, magazines, ebooks, series, columns and our archive

Save up to 38% with our Team Access

  • Discounts for up to three orders of your team's participation in our conferences and training
    3 user licence: $150
    5 user licence: $200
    10 user licence: $250
    15 user licence: $300
  • 6 months access to the video recordings of attended conferences and trainings

We find the right offer for every team!

  • Discounts for participation in our conferences and training
  • 6 months access to the video recordings of attended conferences and trainings
  • Straightforward access via IP address
  • Company-wide access via e-mail domain
  • No administrative effort

$120 / year – save $24
get access for 12 months, pay for 10 months!

  • $100 discount on up to 3 orders for our conferences or training events
  • Interactive live events exclusively on the platform
  • Step-by-step tutorials on current topics
  • Thousands of articles, magazines, ebooks, series and columns as well as our comprehensive archive
