F5 API Security Lab Day



The F5 team hosted an interactive Capture the Flag competition where attendees worked with their peers to hunt for API vulnerabilities.



In this lab and Capture the Flag exercise, attendees learned how to identify and mitigate: 

  • Hard-Coded Secrets: Many applications exchange user credentials for a hard-coded token or key.
  • Broken Authorization: Providing blanket access to the API keys has proven detrimental to multiple mobile and web applications.
  • Data Access Control on User Interface (UI): APIs can pull more data from a server than an app is authorized to share.
  • Security Check for User Interface (UI): Checks are built into the UI, but they can be circumvented with man-in-the-middle tools or API tools.
  • Weak Tokens: JSON Web Token (JWT) without a proper cryptographic signing mechanism can lead to privilege escalation.
  • Credential Stuffing: Bots can be used to scrape APIs for data or used to validate stolen credentials.
  • Version Troubles: APIs are often changed to add functionality or remove unused features.

Speaker and Presenter Information

Peter Scheffler, Senior Solutions Architect, F5

 

Arnulfo Hernandez, Solutions Architect, F5

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government

Members who viewed this event also viewed:


Register


Register


Event Type
On-Demand Webcast


This event has no exhibitor/sponsor opportunities


Cost
Complimentary:    $ 0.00


Website
Click here to visit event website


Event Sponsors


Organizer
F5 Government Team at Carahsoft


Contact Event Organizer



Return to search results