David Warburton, F5, Director, F5 Labs
Malcolm Heath, F5, Senior Threat ResearcherJoin us for an exciting and educational Capture the Flag (CTF) event focused on API security, designed specifically for beginners! No prior experience with API security is required, making this an inclusive and welcoming environment for anyone eager to learn how APIs are commonly attacked — by doing the attacking themselves!
Participants will engage with a series of hands-on challenges aimed at teaching fundamental concepts of API security. You'll explore vulnerabilities often found in APIs and learn how attackers exploit these weak spots to compromise systems. Each challenge is designed to introduce you to core techniques used in the field of cybersecurity, guiding you step by step toward understanding how APIs work and where their security gaps lie.
This event is all about learning by doing, but don’t worry — you won’t be left to figure things out entirely on your own. While the focus is on self-discovery and problem-solving, the session will end with a detailed walk-through of all the challenges. So, even if you're unsure of how to solve a particular problem, you'll leave with valuable new skills and a deeper understanding of API security.
What to Expect:
- A series of beginner-friendly CTF challenges that focus on API vulnerabilities.
- No pressure, inclusive atmosphere where the goal is to learn, not compete.
- Guidance on how to approach and solve common API security challenges.
- A final walk-through session where the team demonstrates solutions for each challenge, so you'll understand the techniques used, even if you struggled to solve them on your own.
What to Bring:
- Your own laptop. Most challenges can be solved using a standard web browser like Firefox or Chrome, but you’ll have an edge if you're able to run Python scripts or use tools like Postman, which can make testing APIs easier and more efficient.
While this event is geared toward beginners, having a basic understanding of HTTP requests and headers will be helpful but not essential. Don’t worry if you don’t have that background, as the walkthrough and explanations provided during the event will help bring you up to speed.
Whether you’re completely new to the world of API security or just looking to reinforce your understanding, this CTF game will be an engaging and fun way to dive into the subject. By the end of the session, you’ll leave with practical knowledge and the confidence to further explore API security on your own!