Colin Domoney is an API security research specialist and developer advocate with 42Crunch. He oversees the development of the 42Crunch community and curates the APISecurity.io industry newsletter. Colin is an experienced AppSec and Cloud security professional having worked with Cyberproof, Veracode, and oversaw Deutsche Bank’s global AppSec program.
The Rugged Manifesto threw down the gauntlet to developers – is your code more than secure, is it also rugged? Is it resilient and able to withstand attacks from talented and well-funded adversaries? If you’re an API developer you are on the frontline when it comes to building rugged software since your APIs are likely to be public-facing, well documented, discoverable, and constantly under attack.
In this session, we explore the OWASP API Top 10 vulnerabilities and other challenges that face API developers when building a secure API. We show how to leverage the power of the OpenAPI specification to better understand how to protect specific endpoints and responses, how to constrain input and output data, and how to use a variety of API test tooling to verify the specification and the API implementation. Finally, we’ll review several recent high-profile API breaches and recreate the underlying issues to gain a deeper insight into the root cause and how to defend against such errors.