Securing the APIs behind your Angular applications

  • Holiday Inn Gent Expo, Maaltekouter 3, 9051 Gent, Belgium
Securing the APIs behind your Angular applications - Workshop NG-BE 2023

Description

Building secure APIs and microservices is hard, really hard. Not only do you have to make the right architectural security decisions, you also have to be aware of various implementation vulnerabilities to ensure the security of your applications. This workshop provides API developers with the necessary knowledge to assess and improve the security of their APIs.

With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure APIs. We investigate various techniques to implement authentication and authorization, along with their trade-offs and pitfalls. We dive deep into handling JSON Web Tokens, but also discuss the relevance of browser security features such as Cross-Origin Resource Sharing.

This workshop offers practical and immediately applicable security advice for API developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.

Trainers

  • Philippe De Ryck

Schedule

07:30 - 08:30

  • Continental breakfast buffet with the trainers

08:30 - 10:30

  • Introduction to API security

  • The OWASP API Security Top 10

  • Common API authorization failures

  • Enforcing API authorization

  • API authorization best practices

  • Hands-on labs

10:30 - 11:00

  • Break with coffees, teas, juices, energizers and snacks

11:00 - 12:30

  • The nonsense of "cookies vs tokens"

  • Architectural patterns for handling authentication state

  • Token security best practices

  • Hands-on labs

12:30 - 14:00

  • Lunch with fresh soup, salads, selections of cold and warm fish and meat dishes, dessert

14:00 - 15:30

  • Understanding the security features of JWTs

  • Practical JWT use cases

  • Common JWT security pitfalls

  • Hands-on labs

15:30 - 16:00

  • Break with coffees, teas, juices, energizers and snacks

16:00 - 17:30

  • Understanding Cross-Origin Resource Sharing (CORS)

  • Configuring a robust CORS policy

  • Hands-on labs

  • Conclusion


About Philippe De Ryck

Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape.

As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide. His online course platform allows anyone to learn complex security topics at their own pace.

Philippe is a Google Developer Expert and an Auth0 Ambassador for his community contributions on the security of web applications and APIs.