SlideShare a Scribd company logo

Practical Application of the API Security Top Ten: A Tester's Perspective

R
RajniHatti

How to use the API Security Top Ten in your everyday work as a software tester.

Technology
1 of 29
Practical Application of the API Security Top 10 Rajni Hatti A Tester’s Perspective
What is API testing? HTTP Communication Server Database API (Application Programming Interface) • STATUS (200 OK, 404 NOT FOUND) • RESPONSE BODY • AUTHORIZATION (API KEY, OAUTH) • METHOD (GET, POST, PUT) • ENDPOINT (URL, QUERY STRING) Browser or App REQUEST RESPONSE API Integration Testing
Risk Analysis X X X X X X X X X X X X X X X X X X X Post a Status Delete a Status Get User’s Post What should I test? Get User’s Timeline USE CASE X High Risk X Med Risk X Low Risk API Security Top 10: owasp.org/www-project-api-security/
Post StatusWhat tests do I need? POST https://api.twitter.com/1.1/statuses/update.json?status=This is a test 200 OK
POST https://api.twitter.com/1.1/statuses/update.json?status=This is a test Post StatusWhat tests do I need?
POST https://api.twitter.com/1.0/statuses/update.json?status=This is a test POST https://api.twitter.com/1.2/statuses/update.json?status=This is a test Tests for API9: Improper Asset Management POST https://api.twitter.com/1.1/statuses/update.json?status=This is a test Post StatusWhat tests do I need?
POST https://api.twitter.com/1.0/statuses/update.json?status=This is a test POST https://api.twitter.com/1.2/statuses/update.json?status=This is a test Tests for API9: Improper Asset Management POST https://api.twitter.com/1.1/statuses/update.json?status=This is a test Post StatusWhat tests do I need? 404 Not Found
Post StatusWhat tests do I need? POST https://api.twitter.com/1.1/statuses/update.json?status=This is a link to the OWASP site. owasp.org 200 OK
POST https://api.twitter.com/1.1/statuses/update.json?status=This is a link to the OWASP site. owasp.org Post StatusWhat tests do I need?
Post StatusWhat tests do I need? POST https://api.twitter.com/1.1/statuses/update.json?status=This is a link to the OWASP site. owasp.org
Tests for API8: Injection Post StatusWhat tests do I need? POST https://api.twitter.com/1.1/statuses/update.json?status=This is a link to the OWASP site. owasp.org POST https://api.twitter.com/1.1/statuses/update.json?status= vulnerableWebApplication.com/page.php?parameters=<script>alert('xss payload');</script>
Post StatusWhat tests do I need? POST https://api.twitter.com/1.1/statuses/update.json?status=This is a link to the OWASP site. owasp.org POST https://api.twitter.com/1.1/statuses/update.json?status= vulnerableWebApplication.com/page.php?parameters=<script>alert('xss payload');</script> 400 Bad Request Tests for API8: Injection
POST https://api.twitter.com/1.1/statuses/destroy/1267606507396501504.json 200 OK Delete StatusWhat tests do I need?
POST https://api.twitter.com/1.1/statuses/destroy/1267606507396501504.json Delete StatusWhat tests do I need?
POST https://api.twitter.com/1.1/statuses/destroy/1267606507396501503.json POST https://api.twitter.com/1.1/statuses/destroy/1267606507396501505.json Tests for API1: Broken Object Level Authorization POST https://api.twitter.com/1.1/statuses/destroy/1267606507396501504.json Delete StatusWhat tests do I need?
400 Bad Request POST https://api.twitter.com/1.1/statuses/destroy/1267606507396501503.json POST https://api.twitter.com/1.1/statuses/destroy/1267606507396501505.json Tests for API1: Broken Object Level Authorization POST https://api.twitter.com/1.1/statuses/destroy/1267606507396501504.json Delete StatusWhat tests do I need?
GET https://api.twitter.com/1.1/statuses/show.json?id=1273567447182913536 200 OK Get Another User’s PostWhat tests do I need?
GET https://api.twitter.com/1.1/statuses/show.json?id=1273567447182913536 Get Another User’s PostWhat tests do I need?
Tests for API5: Broken Function Level Authorization GET https://api.twitter.com/1.1/statuses/show.json?id=1273567447182913536 DELETE https://api.twitter.com/1.1/statuses/show.json?id=1273567447182913536 PUT https://api.twitter.com/1.1/statuses/show.json?id=1273567447182913536 Get Another User’s PostWhat tests do I need?
400 Bad Request GET https://api.twitter.com/1.1/statuses/show.json?id=1273567447182913536 Tests for API5: Broken Function Level Authorization DELETE https://api.twitter.com/1.1/statuses/show.json?id=1273567447182913536 PUT https://api.twitter.com/1.1/statuses/show.json?id=1273567447182913536 Get Another User’s PostWhat tests do I need?
GET https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=owasp&count=2 200 OK Get Another User’s TimelineWhat tests do I need?
GET https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=owasp&count=2 Get Another User’s TimelineWhat tests do I need?
Tests for API4: Lack of Resources & Rate Limiting GET https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=owasp&count=200000 GET https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=owasp&count=2 Get Another User’s TimelineWhat tests do I need?
400 Bad Request GET https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=owasp&count=200000 Tests for API4: Lack of Resources & Rate Limiting GET https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=owasp&count=2 Get Another User’s TimelineWhat tests do I need?
How can I contribute? The 3 L’s
How can I contribute? Listen The 3 L’s
How can I contribute? Listen Learn The 3 L’s
How can I contribute? Listen Learn Look The 3 L’s
www.linkedin.com/in/rajni-hatti Thank you! Rajni Hatti

Recommended

Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Adam Englander
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullahidsecconf
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & DevelopmentAshok Pundit
 
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionGoing Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionSoroush Dalili
 
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle BotbolAPIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbolapidays
 

Recommended

Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Adam Englander
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullahidsecconf
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & DevelopmentAshok Pundit
 
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionGoing Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionSoroush Dalili
 
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle BotbolAPIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbolapidays
 
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Ajin Abraham
 
SSRF workshop
SSRF workshop SSRF workshop
SSRF workshop Ivan Novikov
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Reverse proxies & Inconsistency
Reverse proxies & InconsistencyReverse proxies & Inconsistency
Reverse proxies & InconsistencyGreenD0g
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 1042Crunch
 
Rest API
Rest APIRest API
Rest APIRohana K Amarakoon
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
Pentesting ReST API
Pentesting ReST APIPentesting ReST API
Pentesting ReST APINutan Kumar Panda
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS VectorsRodolfo Assis (Brute)
 
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfHacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfMatt Tesauro
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
 
WAF 101
WAF 101WAF 101
WAF 101Null Bhubaneswar
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide Isabelle Mauny
 
QA Fest 2019. Катерина Овеченко. Тестирование безопасности API
QA Fest 2019. Катерина Овеченко. Тестирование безопасности APIQA Fest 2019. Катерина Овеченко. Тестирование безопасности API
QA Fest 2019. Катерина Овеченко. Тестирование безопасности APIQAFest
 
2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CD2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CDSimon Bennetts
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
 
Ssrf
SsrfSsrf
SsrfIlan Mindel
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 
Web Services Testing
Web Services TestingWeb Services Testing
Web Services TestingDataArt
 
API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated developmentJonathan LeBlanc
 

More Related Content

What's hot

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Ajin Abraham
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Reverse proxies & Inconsistency
Reverse proxies & InconsistencyReverse proxies & Inconsistency
Reverse proxies & InconsistencyGreenD0g
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 1042Crunch
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfHacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfMatt Tesauro
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide Isabelle Mauny
 
QA Fest 2019. Катерина Овеченко. Тестирование безопасности API
QA Fest 2019. Катерина Овеченко. Тестирование безопасности APIQA Fest 2019. Катерина Овеченко. Тестирование безопасности API
QA Fest 2019. Катерина Овеченко. Тестирование безопасности APIQAFest
 
2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CD2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CDSimon Bennetts
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 

What's hot (20)

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
 
SSRF workshop
SSRF workshop SSRF workshop
SSRF workshop
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Reverse proxies & Inconsistency
Reverse proxies & InconsistencyReverse proxies & Inconsistency
Reverse proxies & Inconsistency
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
 
Rest API
Rest APIRest API
Rest API
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
 
Pentesting ReST API
Pentesting ReST APIPentesting ReST API
Pentesting ReST API
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
 
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfHacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdf
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API Security
 
WAF 101
WAF 101WAF 101
WAF 101
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide
 
QA Fest 2019. Катерина Овеченко. Тестирование безопасности API
QA Fest 2019. Катерина Овеченко. Тестирование безопасности APIQA Fest 2019. Катерина Овеченко. Тестирование безопасности API
QA Fest 2019. Катерина Овеченко. Тестирование безопасности API
 
2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CD2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CD
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI Spec
 
Ssrf
SsrfSsrf
Ssrf
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentesters
 

Similar to Practical Application of the API Security Top Ten: A Tester's Perspective

Web Services Testing
Web Services TestingWeb Services Testing
Web Services TestingDataArt
 
API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated developmentJonathan LeBlanc
 
Building Better Web APIs with Rails
Building Better Web APIs with RailsBuilding Better Web APIs with Rails
Building Better Web APIs with RailsAll Things Open
 
Salesforce Integration using REST SOAP and HTTP callouts
Salesforce Integration using REST SOAP and HTTP calloutsSalesforce Integration using REST SOAP and HTTP callouts
Salesforce Integration using REST SOAP and HTTP calloutsRAMNARAYAN R
 
API Days Paris - Automatic Testing of (RESTful) API Documentation
API Days Paris - Automatic Testing of (RESTful) API DocumentationAPI Days Paris - Automatic Testing of (RESTful) API Documentation
API Days Paris - Automatic Testing of (RESTful) API DocumentationRouven Weßling
 
Nordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API DocumentationNordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API DocumentationRouven Weßling
 
Exposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using SwaggerExposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using SwaggerSalesforce Developers
 
API Check Overview - Rigor Monitoring
API Check Overview - Rigor MonitoringAPI Check Overview - Rigor Monitoring
API Check Overview - Rigor MonitoringAnthony Ferrari
 
API Days Australia - Automatic Testing of (RESTful) API Documentation
API Days Australia - Automatic Testing of (RESTful) API DocumentationAPI Days Australia - Automatic Testing of (RESTful) API Documentation
API Days Australia - Automatic Testing of (RESTful) API DocumentationRouven Weßling
 
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult CasesPositive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult CasesPositive Hack Days
 
Cross Site Scripting (XSS) Defense with Java
Cross Site Scripting (XSS) Defense with JavaCross Site Scripting (XSS) Defense with Java
Cross Site Scripting (XSS) Defense with JavaJim Manico
 
Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅Max Lai
 
So you think you know REST - DPC11
So you think you know REST - DPC11So you think you know REST - DPC11
So you think you know REST - DPC11Evert Pot
 
Scala45 spray test
Scala45 spray testScala45 spray test
Scala45 spray testkopiczko
 
Workshop: An Introduction to API Automation with Javascript
Workshop: An Introduction to API Automation with JavascriptWorkshop: An Introduction to API Automation with Javascript
Workshop: An Introduction to API Automation with JavascriptApplitools
 

Similar to Practical Application of the API Security Top Ten: A Tester's Perspective (20)

Web Services Testing
Web Services TestingWeb Services Testing
Web Services Testing
 
API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated development
 
Building Better Web APIs with Rails
Building Better Web APIs with RailsBuilding Better Web APIs with Rails
Building Better Web APIs with Rails
 
Salesforce Integration using REST SOAP and HTTP callouts
Salesforce Integration using REST SOAP and HTTP calloutsSalesforce Integration using REST SOAP and HTTP callouts
Salesforce Integration using REST SOAP and HTTP callouts
 
API Days Paris - Automatic Testing of (RESTful) API Documentation
API Days Paris - Automatic Testing of (RESTful) API DocumentationAPI Days Paris - Automatic Testing of (RESTful) API Documentation
API Days Paris - Automatic Testing of (RESTful) API Documentation
 
Nordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API DocumentationNordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API Documentation
 
Api testing
Api testingApi testing
Api testing
 
Exposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using SwaggerExposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using Swagger
 
API Check Overview - Rigor Monitoring
API Check Overview - Rigor MonitoringAPI Check Overview - Rigor Monitoring
API Check Overview - Rigor Monitoring
 
API Days Australia - Automatic Testing of (RESTful) API Documentation
API Days Australia - Automatic Testing of (RESTful) API DocumentationAPI Days Australia - Automatic Testing of (RESTful) API Documentation
API Days Australia - Automatic Testing of (RESTful) API Documentation
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST API
 
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult CasesPositive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
 
Cross Site Scripting (XSS) Defense with Java
Cross Site Scripting (XSS) Defense with JavaCross Site Scripting (XSS) Defense with Java
Cross Site Scripting (XSS) Defense with Java
 
Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅
 
So you think you know REST - DPC11
So you think you know REST - DPC11So you think you know REST - DPC11
So you think you know REST - DPC11
 
Scala45 spray test
Scala45 spray testScala45 spray test
Scala45 spray test
 
REST API Basics
REST API BasicsREST API Basics
REST API Basics
 
ATD11_WebAPISecurity
ATD11_WebAPISecurityATD11_WebAPISecurity
ATD11_WebAPISecurity
 
Workshop: An Introduction to API Automation with Javascript
Workshop: An Introduction to API Automation with JavascriptWorkshop: An Introduction to API Automation with Javascript
Workshop: An Introduction to API Automation with Javascript
 
Rest with Spring
Rest with SpringRest with Spring
Rest with Spring
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Practical Application of the API Security Top Ten: A Tester's Perspective