OWASP Global AppSec Lisbon 2024

**Training tickets are a separate ticket purchase from a conference ticket**
Student tickets are only applicable for conference dates.

Following a hands-on approach, attendees will be guided into exploiting the ten most common API security risks according to the OWASP API Security Top 10.

The security issues will be discussed in-depth, also covering the mitigation. API protocol-specific security issues will be addressed and discussed to cover the most common API protocols. Training sessions are delivered by a security practitioner and OWASP project leader.

# Target Audience API developers, DevSecOps, Pentesters, and systems integrators

# Training Program Part 1
* Introduction to the Open Web Application Security Project (OWASP), the OWASP API Security Project, and the OWASP API Top 10
* The HTTP protocol and how APIs work on top of it Part 2 For each of the ten most common API security risks (according to the OWASP API Top 10)
* Exploit the vulnerability
* Discuss the security issue, impact, and how to mitigate the risk GraphQL-specific security risks

# What You’ll Learn
* Relevant OWASP projects and how to use them to write secure code
* HTTP protocol fundamentals and how APIs work on top of it *
In-depth knowledge of the ten most common API security risks
* API protocol-specific risks (e.g. GraphQL)
*How threat agents exploit APIs vulnerabilities: tools and techniques
* How to avoid the most common API security issues