Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, May 21 • 14:30 - 15:15
The API Assessment Primer

Sign up or log in to save this to your schedule and see who's attending!

API's are everywhere now. SOA, IoT, Mobile, and Thick clients all heavily rely on web services and API's. This talk will present a primer on how to assess these services/interfaces for developers and testers alike. The introduction will include topics such as API identification, common implementations and frameworks. The bulk of the talk will focus on a assessment checklist that anyone can use to test these technologies for security flaws covering topics such as:

Authentication
Verbose-ness
Hidden Functions
Lack of Access Control
Transport Security
Tampering/Trust
Injection

** Where possible we will point to free resources for assessors to carry out the testing ** 

Speakers
avatar for Greg Patton

Greg Patton

Static Analysis Team Manager, HP Fortify on Demand
Greg Patton is the Static Application Security Testing (SAST) Team Manager with HP Fortify on Demand based in Houston, TX. Greg specializes in application security with a focus on dynamic run-time web and mobile assessments over the past eight years. Greg started his career in software development, but he discovered a natural talent and interest in breaking applications. Today Greg assists customers with building secure applications and secure... Read More →


Thursday May 21, 2015 14:30 - 15:15
Room Forum Amsterdam RAI

Attendees (35)