APIs have progressed from being add-ons to a core application to become the fundamental building blocks of modern software architecture. Many companies have had an API security incident in the past 12 months including the recent Optus hack.
And yet, surprisingly many organizations are still overlooking or not realizing that the API part of the web application attack surface can be covered when planning and executing their AppSec programs.
Join Invicti Senior AppSec Manager Suha Akyuz as he discusses the practical challenges of API vulnerability testing, technical solutions to overcome them, and best practices to make it all work in a modern web development pipeline.
You will also learn:
- Why API vulnerability testing in modern development pipelines runs into so many obstacles
- How advances in AppSec technologies have made it possible to automatically test APIs in combination with the rest of your web attack surface, allowing you to save on valuable resources
- What best practices you can follow to make API security testing a routine and efficient part of your secure SDLC
There is no question that APIs are difficult to test. If undocumented API endpoints make it into production, they can quietly increase the overall attack surface, exposing sensitive data and critical functionality directly to attackers. Join the webinar to learn practical ways to make API security a routine part of a successful web application security program.