Session Description:

API security can be overwhelming and is often overlooked. Like traditional websites, APIs are susceptible to common threats like SQL injection, authorization bypass, DoS attacks, etc. If they are not properly secured, threat actors can run amok within an application. Layer on a native mobile app, the available attack service just gets bigger. 

For this talk, we will unpack the OWASP API Security Project and OWASP Mobile Top 10 and discuss the types of vulnerabilities that are commonly found. We will also offer some ways to mitigate risk.

Speaker Bios:

Craig Barretto is an experienced security consultant & researcher who specializes in infrastructure and application penetration testing and threat and vulnerability management. He has extensive experience with mobile testing, specifically API and Android testing. In his spare time, he enjoys finding vulnerabilities in everyday household apps. Craig previously was the President of the (ISC)2 Toronto Chapter.

Certifications:

• Offensive Security Certified Professional (OSCP)
• Certified Information Systems Security Professional (CISSP)
• GIAC Web Application Penetration Tester (GWAPT)
• Certified Ethical Hacker (CEH)

Yuk Fai Chan is an information security consultant with proven experience advising clients on application security, vulnerability management, threat modelling, penetration testing, incident response, breach preparedness, and cyber security programs. He has also been the Co-Leader of the Open Web Application Security Project (OWASP) Toronto Chapter since 2011.

Certifications:

• Offensive Security Certified Professional (OSCP)
• GIAC Certified Forensic Examiner (GCFE)

CPE: 4.0 Hrs

Please Note:  There is a cancellation policy in effect