Fortune 100 companies with large budgets and talented security engineers get breached through their APIs on a weekly basis. Uber's full account takeover, the famous Facebook breach and the Verizon customer bill leak are just a few recent examples of API-based breaches. Traditional vulnerabilities, such as SQL injection, CSRF and XSS, are now less prevalent thanks to modern technologies and security education. Now, however, attackers leverage the predictable and overly permissive nature of REST APIs to exploit new types of vulnerabilities focused on business logic abuse and authorization. OWASP has acknowledged this threat vector shift and announced the OWASP API Security Project. The project addresses modern API threats and provides mitigation techniques. Come learn from the leader of the project about:

- OWASP Top 10 for APIs and how they differ from traditional Top 10 lists
- Examples of complex API exploits which involve many steps
- How to exploit an API as a pentester and how to protect it as a developer