Post-conference update: Slides for this talk can be found here: slides
OWASP will be holding its annual SnowFROC conference in Denver, Colorado on March 14, 2025. This year, I was invited to give an updated version of my talk "Crash Course Into the OWASP API Top 10":
Application Programming Interfaces (APIs) are the glue that allows independently evolving systems to communicate with each other, and are an important focus for security investment due to their privileged access to sensitive data and functionality.
Recently, the OWASP API Top 10 has been updated for 2023, so join us as we introduce the OWASP API Security Project. We’ll cover what’s new in the 2023 API Top 10, as well as compare the differences with the previous 2019 version.
For those interested in hands-on practice, we’ll also briefly introduce the OWASP crAPI (Completely Ridiculous API) Project, which demonstrates common API vulnerabilities.
I will also be previewing this talk at the local DC303 meetup on February 21st. The DC303 meetup holds a special place in my heart for its emphasis on live demos and hands-on exercises. With the extra time afforded by the meetup format, we will have the opportunity to practice on a live vulnerable API lab.
If you’re in the Denver area for either of these dates, feel free to say hello!