{"id":14308,"date":"2024-05-13T04:50:39","date_gmt":"2024-05-13T04:50:39","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/"},"modified":"2024-08-01T05:25:45","modified_gmt":"2024-08-01T05:25:45","slug":"api-penetration-testing-bkk2024","status":"publish","type":"product","link":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/","title":{"rendered":"API Penetration Testing"},"content":{"rendered":"<div class=\"page\" title=\"Page 3\">\n<div class=\"layoutArea\">\n<h4><strong><span style=\"color: #993300\">ATTEND IN-PERSON<\/span><\/strong><strong><span style=\"color: #993300\">: <\/span><\/strong><strong>Onsite in Bangkok, Thailand<\/strong><\/h4>\n<div class=\"layoutArea\">\n<div class=\"page\" title=\"Page 3\">\n<h4><strong>DATE: 27-28 August 2024<\/strong><\/h4>\n<\/div>\n<h4><strong>TIME: 09:00 to 17:00 ICT\/GMT+7<\/strong><\/h4>\n<table style=\"height: 146px\" width=\"599\">\n<tbody>\n<tr>\n<td><strong>Date<\/strong><\/td>\n<td><strong>Day<\/strong><\/td>\n<td style=\"text-align: left\"><strong>Time<\/strong><\/td>\n<td><strong>Duration<\/strong><\/td>\n<\/tr>\n<tr>\n<td>27 Aug<\/td>\n<td>Tuesday<\/td>\n<td>0900-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<tr>\n<td>28 Aug<\/td>\n<td>Wednesday<\/td>\n<td>0900-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<hr \/>\n<h5>This comprehensive two-day workshop goes deeply into the realm of API security. 
Participants will start with a foundational understanding of APIs, then work through a discussion of various API architectures and protocols such as REST, SOAP, and GraphQL, with examples and a focus on tools like Burp Suite, Swagger and SoapUI, which are essential to know before diving further into API security testing concepts.<\/h5>\n<p>Armed with this knowledge, attendees will continue their journey by learning key aspects of common API security testing methodologies &amp; frameworks, such as the OWASP API Security Top 10 and the OWASP Web Security Testing Guide. The workshop includes multiple practical exercises and lab sessions covering a wide spectrum of topics including API reconnaissance, API authentication, API injection, and more, offering hands-on experience to reinforce theoretical understanding and foster practical skill development.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h5><strong>\u00a0<\/strong><strong>Key learning objectives<\/strong><\/h5>\n<ul>\n<li>Participants will acquire a thorough comprehension of API security principles.<\/li>\n<li>Attendees will gain practical proficiency in utilizing professional tools such as Burp Suite, Swagger, and SoapUI, essential for intercepting, analyzing, and securing API traffic, enhancing their capability to conduct effective security testing.<\/li>\n<li>Through a set of guided instructions and practical exercises, participants will leverage security testing methodologies &amp; frameworks such as the OWASP API Security Top 10 and the OWASP Web Security Testing Guide to assess the security of modern API implementations.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h5><strong>What students will get<\/strong><\/h5>\n<ul>\n<li>Battle-tested and future-proof API testing techniques.<\/li>\n<li>Fully configured Virtual Machine (VM) with a selection of pre-configured testing tools including proprietary fuzzing dictionaries ready to be used for delivering effective testing 
activities.<\/li>\n<\/ul>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h5><strong>Agenda\/ Topics Covered<\/strong><\/h5>\n<p><strong>Overview on Application Programming Interfaces (APIs) Security<\/strong><\/p>\n<ul>\n<li>What is an API and why securing APIs is crucial for modern organizations.<\/li>\n<li>API architectural pattern security: REST, SOAP and GraphQL.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Intercepting and Understanding the HTTP Protocol<\/strong><\/p>\n<ul>\n<li>What is HTTP and its different versions.<\/li>\n<li>Intercepting HTTP(s) protocol and API requests using Burp Suite Pro<\/li>\n<li>Tools of the trade for API security testing: Swagger, SoapUI, and beyond.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>API Security Testing Methodology<\/strong><\/p>\n<ul>\n<li>Overview on the OWASP Web Security Testing Guide (WSTG) v4.2<\/li>\n<li>The OWASP API Security Top 10 (2023)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>API Reconnaissance &amp; Attack Surface Analysis<\/strong><\/p>\n<ul>\n<li>What is an Attack Surface?<\/li>\n<li>How to identify known &amp; unknown API endpoints.<\/li>\n<li>How to identify known &amp; unknown API parameters.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>API Authentication Security<\/strong><\/p>\n<ul>\n<li>Authentication Tokens\n<ul>\n<li>JWT, SAML, OAuth and API key security<\/li>\n<li>XML encryption and signing<\/li>\n<\/ul>\n<\/li>\n<li>Authentication vs. 
Authorization\n<ul>\n<li>{Role\/Resource\/Fields} Level Access Control<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>API Injection Vulnerabilities<\/strong><\/p>\n<ul>\n<li>SQL Injection<\/li>\n<li>NoSQL Injection<\/li>\n<li>Command Injection<\/li>\n<\/ul>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<h6>This intensive 2-day workshop offers participants a thorough grasp of Application Programming Interface (API) security, highlighting the critical importance of comprehensively understanding and rigorously testing API implementations using cutting-edge techniques and state-of-the-art tools to effectively identify vulnerabilities.<\/h6>\n","protected":false},"featured_media":14307,"template":"","meta":{"_acf_changed":false},"product_cat":[85,84,86,87],"product_tag":[],"class_list":{"0":"post-14308","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-2-day-workshop","7":"product_cat-bkk-2024","8":"product_cat-bkk-2024-workshop","9":"product_cat-workshop-2","11":"first","12":"outofstock","13":"shipping-taxable","14":"purchasable","15":"product-type-simple"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>API Penetration Testing - HITBSecConf2024 - Bangkok<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"API Penetration Testing - HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"og:description\" content=\"This intensive 2-day workshop offers participants a thorough grasp of Application Programming Interface (API) security, highlighting the critical importance 
of comprehensively understanding and rigorously testing API implementations using cutting-edge techniques and state-of-the-art tools to effectively identify vulnerabilities.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-01T05:25:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-3.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"790\" \/>\n\t<meta property=\"og:image:height\" content=\"519\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/\",\"name\":\"API Penetration Testing - HITBSecConf2024 - 
Bangkok\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-3.jpeg\",\"datePublished\":\"2024-05-13T04:50:39+00:00\",\"dateModified\":\"2024-08-01T05:25:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#primaryimage\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-3.jpeg\",\"contentUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-3.jpeg\",\"width\":790,\"height\":519},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Shop\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/shop\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"API Penetration 
Testing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\",\"name\":\"HITBSecConf2024 - Bangkok\",\"description\":\"August 26 - 30 @ InterContinental\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"API Penetration Testing - HITBSecConf2024 - Bangkok","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/","og_locale":"en_US","og_type":"article","og_title":"API Penetration Testing - HITBSecConf2024 - Bangkok","og_description":"This intensive 2-day workshop offers participants a thorough grasp of Application Programming Interface (API) security, highlighting the critical importance of comprehensively understanding and rigorously testing API implementations using cutting-edge techniques and state-of-the-art tools to effectively identify vulnerabilities.","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/","og_site_name":"HITBSecConf2024 - Bangkok","article_modified_time":"2024-08-01T05:25:45+00:00","og_image":[{"width":790,"height":519,"url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-3.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/","name":"API Penetration Testing - HITBSecConf2024 - Bangkok","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#primaryimage"},"image":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#primaryimage"},"thumbnailUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-3.jpeg","datePublished":"2024-05-13T04:50:39+00:00","dateModified":"2024-08-01T05:25:45+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#primaryimage","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-3.jpeg","contentUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-3.jpeg","width":790,"height":519},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/api-penetration-testing-bkk2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/"},{"@type":"ListItem","position":2,"name":"Shop","item
":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/shop\/"},{"@type":"ListItem","position":3,"name":"API Penetration Testing"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/","name":"HITBSecConf2024 - Bangkok","description":"August 26 - 30 @ InterContinental","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product\/14308"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/media\/14307"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/media?parent=14308"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product_cat?post=14308"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product_tag?post=14308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}