Testing and Hacking APIs
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the world of API security in this 28-minute conference talk from OWASP Global AppSec Tel Aviv. Delve into the unique challenges of testing and hacking APIs in modern applications, including web, mobile, and IoT. Learn to leverage the API battleground by understanding application implementation from API traffic, detecting potential vulnerabilities, and conducting effective penetration tests. Gain insights from an experienced application security professional on topics such as API care, call verification, access control evaluation, and common API vulnerabilities. Discover techniques for finding APIs, exploiting mass assignment vulnerabilities, and expanding the attack surface. Perfect for security researchers and pentesters looking to adapt their skills to the evolving landscape of API-centric applications.
Syllabus
Intro
About Anand Shetty
What are APIs
What happens today
Good and bad news
New mindset
API care
API call verification
Access control evaluation
API vulnerabilities
How to find APIs
Mass Assignment
Masked Assignment
Mass Assignment Exploit
Client-Side Data Filtering
Expanding the Attack Surface
Example
Taught by
OWASP Foundation
Related Courses
Network Security | Georgia Institute of Technology via Udacity
Proactive Computer Security | University of Colorado System via Coursera
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery | (ISC)² via Coursera
Hacker101 | HackerOne via Independent
CNIT 127: Exploit Development | CNIT - City College of San Francisco via Independent