Modern applications often use APIs and other micro services to deliver faster and better products and services. However, there are currently few training grounds for security testing in such areas. In comes DevSlop, OWASP's newest project, a collection of DevOps security disasters made as a vulnerable testing and proving ground for developers and security testers alike. DevSlop's Pixi, the first of many entries to come for this OWASP project, will be demonstrated and presenting for participant's hacking and learning pleasure. Pixi consists of vulnerable web services, and participants will be walked through how to exploit several of it's vulnerabilities so they can learn how to do better when they create their own web services and other types of APIs from now on.
What will be discussed?
MEAN Stack, API and Web Service Hacking & OWASP Project DevSlop
What will attendees learn from attending this session?
How to hack APIs and web services manually
Items attendees are required to bring with them
A laptop with a web proxy and modern web browser (Chrome or FireFox are great). Admin Priv on your machine, and the ability to install software. If possible, install VirtualBox or VMWare, Docker, GitHub and Postman on your machine in advance. If you don’t have them, we will get them for you, don’t worry. Windows and Mac OS are supported for this workshop, if you you have linux you’ll probably be fine, but we make no guarantees.