null Ahmedabad Humla 30 September 2023 Mastering API Security Register

Null offensive hacking hands-on training.

Proposed sessions for this event:

• API Testing Basics by Dishant Kapadiya
• Testing Spring Boot/Swagger APIs by Kuldeep Pandya
• Testing WSDL APIs by Parth
• Testing SOAP APIs by Dishant Kapadiya
• Testing gRPC APIs by Kuldeep Pandya
• Testing GraphQL APIs by Parth

Join us for an intensive workshop focused on API security across various technologies. From REST APIs to GraphQL, this hands-on event will equip you with the tools and techniques to identify, test, and mitigate API vulnerabilities.

Topics Covered:

• API Testing Basics

  • Basics of Postman
  • Configuring Postman for API testing
  • Blackbox penetration testing and API reversing

• Spring Boot/Swagger

  • Testing Swagger APIs
  • Identifying vulnerabilities in Swagger UI
  • Spring Boot actuator endpoints detection and bypassing WAFs
  • Spring Security module

• WSDL

  • Understanding WSDL structure and schema
  • Enumerating WSDL metadata
  • Testing WSDL using Postman

• SOAP

  • Exploring SOAP structure and schema
  • Testing SOAP APIs using Postman
  • WS-Security and SAML Tokens

• gRPC

  • Basics of gRPC and related tools like Charles Proxy and grpcurl
  • Identifying vulnerabilities in gRPC APIs

• GraphQL

  • Understanding GraphQL basics
  • Testing GraphQL APIs

Gain practical insights through real-world case studies and hands-on labs. Don't miss this opportunity to level up your API security skills!