Loading…
or to bookmark your favorites and sync them to your phone or calendar.
strong>OPEN Session [clear filter]
arrow_back View All Dates
Tuesday, November 5
 

12:00pm PST

OPEN WORKSHOP (API): API CTF: Learn the FUNdamentals of API Security
Tuesday November 5, 2024 12:00pm - 12:50pm PST
David Warburton, F5, Director, F5 Labs
Malcolm Heath, F5, Senior Threat Researcher


Join us for an exciting and educational Capture the Flag (CTF) event focused on API security, designed specifically for beginners! No prior experience with API security is required, making this an inclusive and welcoming environment for anyone eager to learn how APIs are commonly attacked — by doing the attacking themselves!
Participants will engage with a series of hands-on challenges aimed at teaching fundamental concepts of API security. You'll explore vulnerabilities often found in APIs and learn how attackers exploit these weak spots to compromise systems. Each challenge is designed to introduce you to core techniques used in the field of cybersecurity, guiding you step by step toward understanding how APIs work and where their security gaps lie.
This event is all about learning by doing, but don’t worry — you won’t be left to figure things out entirely on your own. While the focus is on self-discovery and problem-solving, the session will end with a detailed walk-through of all the challenges. So, even if you're unsure of how to solve a particular problem, you'll leave with valuable new skills and a deeper understanding of API security.
What to Expect:
  • A series of beginner-friendly CTF challenges that focus on API vulnerabilities.
  • No pressure, inclusive atmosphere where the goal is to learn, not compete.
  • Guidance on how to approach and solve common API security challenges.
  • A final walk-through session where the team demonstrates solutions for each challenge, so you'll understand the techniques used, even if you struggled to solve them on your own.
What to Bring:
  • Your own laptop. Most challenges can be solved using a standard web browser like Firefox or Chrome, but you’ll have an edge if you're able to run Python scripts or use tools like Postman, which can make testing APIs easier and more efficient.
While this event is geared toward beginners, having a basic understanding of HTTP requests and headers will be helpful but not essential. Don’t worry if you don’t have that background, as the walkthrough and explanations provided during the event will help bring you up to speed.
Whether you’re completely new to the world of API security or just looking to reinforce your understanding, this CTF game will be an engaging and fun way to dive into the subject. By the end of the session, you’ll leave with practical knowledge and the confidence to further explore API security on your own!
Speakers
avatar for Malcolm Heath

Malcolm Heath

Senior Threat Researcher, F5
Malcolm Heath is a Senior Threat Researcher with F5 Labs.  His career has included incident response, program management, penetration testing, code auditing, vulnerability research, and exploit development at companies both very large and very small. Prior to joining F5 Labs, he... Read More →
avatar for David Warburton

David Warburton

Director, F5 Labs, F5
Warburton is the director of threat research team, F5 Labs, has given talks around world, and appeared on TV, and industry podcasts. He is the author of several F5 Labs reports, and recently co-authored the SSL/TLS/HTTPS scanning devops tool ‘Cryptonice’ which helps organisations... Read More →
Tuesday November 5, 2024 12:00pm - 12:50pm PST
API World -- Workshop Stage B
 

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
  • Talk Type
  • OPEN Session
  • PRO Session
  • PRO Workshop
  • Track or Conference
  • AI & ML (CloudX)
  • API Case Studies & Success Stories (API World)
  • API Design / Architecture (API World)
  • API Leadership Summit (API World)
  • API Ops & Scalability & Usability (DX) & Testing (API World)
  • API Program Management (API World)
  • API Security / Compliance (API World)
  • API World
  • API World: API Innovation
  • API World: API Lifecycle
  • API World: API Strategy
  • API World: Microservices World
  • API-First Development (API World)
  • APIs (Dev Innovation)
  • Automated Testing & Monitoring & Reporting (CloudX)
  • CI/CD (CloudX)
  • CI/CD / Deployment (API World)
  • Cloud Development Technologies (CloudX)
  • Cloud Development Technologies (Dev Innovation)
  • Cloud Infrastructure (CloudX)
  • Cloud Innovation (AI & Edge & etc) (CloudX)
  • Cloud Security (CloudX)
  • Cloud Talent & Skills (CloudX)
  • CloudX
  • CloudX: Cloud Architecture & Infrastructure
  • CloudX: Cloud Strategy Conference
  • CloudX: Cloud-Native Development
  • CloudX: DevOps Summit
  • Containers & Kubernetes (CloudX)
  • Deployment Strategies (CloudX)
  • Dev Innovation (CloudX)
  • Dev Innovation Summit
  • Developer Tools (Dev Innovation)
  • DevSecOps (CloudX)
  • Digital Acceleration (CloudX)
  • Edge Computing (CloudX)
  • Emerging APIs: AI & IoT & Blockchain & Web3 & XR (API World)
  • Expo Challenge
  • Future of Cloud-Native Computing (CloudX)
  • Hybrid & Multi-Cloud (CloudX)
  • Hybrid APIs & Low Code APIs (API World)
  • Industries: Open Banking & Healthcare & Retail (API World)
  • Infrastructure-as-Code (CloudX)
  • Integration Management (API World)
  • Leadership Lounge
  • Microservices Design & Architecture (API World)
  • Microservices Design (CloudX)
  • Microservices Management (CloudX)
  • Observability (CloudX)
  • OPEN Session
  • Platform Engineering (API World)
  • Programming Languages (Dev Innovation)
  • Roundtables
  • Service Mesh & Containers & Kubernetes (API World)
  • Sponsor Spotlight
  • Virtual
  • In-Person/Virtual
  • In Person
  • Virtual
  • Virtual Exclusive