AppSec USA 2017

We are excited to announce that OWASP will once again be holding a two day Developer Summit at AppSecUSA 2017 on September 19 & 20, 2017. OWASP is providing a structured platform for Developers two days prior to the AppSec USA 2017 conference. The Developer Summit will consist of sessions geared toward learning about security vulnerabilities.

There is NO charge to attend the Developer Summit, so come join us!

We do ask that you SIGN UP so we have an estimated headcount to be sure we have enough space and food.

Half Day Afternoon Session
Date: Tuesday, September 19, 2017
Time: 2pm-5pm
Location: Coronado N&P

Presenters: Nicole Becher and Tanya Janca

Hacking APIs and Web Services with OWASP DevSlop & PIXI!

Modern applications often use APIs and other micro services to deliver faster and better products and services. However, there are currently few training grounds for security testing in such areas. In comes DevSlop, OWASP's newest project, a collection of DevOps security disasters made as a vulnerable testing and proving ground for developers and security testers alike. DevSlop's Pixi, the first of many entries to come for this OWASP project, will be demonstrated and presenting for participant's hacking and learning pleasure. Pixi consists of vulnerable web services, and participants will be walked through how to exploit several of it's vulnerabilities so they can learn how to do better when they create their own web services and other types of APIs from now on.

What will be discussed?

• API and Web Service Hacking & OWASP Project DevSlop

What will attendees learn from attending this session?

• How to hack APIs and web services

Items attendees are required to bring with them

• A laptop with a web proxy and modern web browser. Admin Priv on your machine.