Go Hack Yourself: API Hacking for Beginners - Dr Katie Paxton-Fear

Over the past few years, we've really seen API hacking take off as a field of its own, diverging from typical web app security, but yet parallel to it. Often we point to the amorphous blob that is web security and go: "here you go, now you can be a hacker too", with top 10 lists, write-ups, conference talks and whitepapers smiling as we do. This creates a major challenge for developers who want to test their APIs for security or just people who want to get into API hacking, how on earth do you wade through all the general web security to get to the meat of API hacking, what do you even need to know?
This talk is going to break down API hacking from a developer point of view, teaching you everything you need to know about API hacking, from the bugs you can find and to the impact you can cause, to how you can easily test your own work or review your peers.

SPEAKER BIO

Dr Katie Paxton-Fear is an API hacker and content creator at Traceable. She has a PhD in cyber security and artificial intelligence, but if you know her it’s not for her academic work.
She’s a hacker and YouTuber who's found bugs in over 30 companies. She wants to show that anyone can be a hacker, and share her passion and knowledge with others. She has hacked everything from the military to social media, reporting her findings promptly and making sure the attackers don't get their first! In her free time she makes videos, teaching her audience of 80k+ how to get into ethical hacking. You can
find her all over the internet as @InsiderPhD

The slide deck of this presentation can be downloaded here: https://github.com/OWASP/www-chapter-...

This talk was presented at the OWASP London Chapter meetup on January 15th, 2025 hosted by Just Eat Technology and sponsored by Smithy.Security

#owasp #owasplondon #appsec #apisecurity #bugbounty