Half-Day: You get an API, You get an API, Everyone gets an API - In-person Session
Description
Session Description: API security can be overwhelming and is often overlooked. Like traditional websites, APIs are susceptible to common threats like SQL injection, authorization bypass, DoS attacks, etc. If they are not properly secured, threat actors can run amok within an application. Layer on a native mobile app, and the available attack surface just gets bigger. For this talk, we will unpack the OWASP API Security Project and OWASP Mobile Top 10 and discuss the types of vulnerabilities that are commonly found. We will also offer some ways to mitigate risk.
Speaker Bios:
Craig Barretto is an experienced security consultant & researcher who specializes in infrastructure and application penetration testing and threat and vulnerability management. He has extensive experience with mobile testing, specifically API and Android testing. In his spare time, he enjoys finding vulnerabilities in everyday household apps. Craig previously was the President of the (ISC)2 Toronto Chapter. Certifications:
Yuk Fai Chan is an information security consultant with proven experience advising clients on application security, vulnerability management, threat modelling, penetration testing, incident response, breach preparedness, and cyber security programs. He has also been the Co-Leader of the Open Web Application Security Project (OWASP) Toronto Chapter since 2011. Certifications:
CPE: 4.0 Hrs
Please Note: There is a cancellation policy in effect
Details
Registration Fees
Registration is now closed.
ISACA - Toronto Chapter
PO Box 6544, Station A
Toronto, ON, Canada
M5W 1X4