APIs are the beating heart of any modern web design. Cloud-based applications, Web services, mobile applications, IoT devices, and the list goes on. Studies show that approximately 80% of internet traffic is API traffic – everyone uses dozens of APIs every day, whether they know it or not.

The wide adoption of relatively complex technologies does not come risk-free – the door is open for implementation mistakes, design hiccups, logic flaws, and integration issues, all leading to open attack vectors.

In this talk, we will discuss:

• Real-world use cases, showing examples of API vulnerabilities.
• Discuss ideas on how to mitigate these design flaws.
• Discuss the pros and cons of relying on OAS\swagger security validations (small hint - it is not very efficient)

Let’s talk about how to build secure API-based software.