Common API Security Pitfalls

Offered By: OWASP Foundation via YouTube

Course Description

Overview

Explore common API security pitfalls and best practices in this 31-minute conference talk from OWASP Global AppSec Tel Aviv. Delve into the evolving landscape of API-driven applications, focusing on REST APIs for JavaScript and mobile platforms. Learn to identify critical security features, assess potential vulnerabilities, and implement robust protection measures for your APIs. Discover how to prevent unauthorized access, secure user accounts, and safeguard sensitive data. Gain actionable insights on evaluating API security, addressing root causes of vulnerabilities, and adopting forward-thinking security practices. Benefit from the expertise of Philippe De Ryck, founder of Pragmatic Web Security and Google Developer Expert, as he covers topics including stateless APIs, JSON Web Tokens, encryption, HMAC, asymmetric signatures, key management, cookies vs. tokens, cross-origin requests, and the limitations of input validation.

Syllabus

Intro
Overview
About Philippe
API Security Baseline
Stateless API
JSON Web Tokens
Encryption
HMAC
Asymmetric signature
Key management
Cookies vs tokens
Cross-origin requests
Input validation
Don't rely on input validation


Taught by

OWASP Foundation
