CypherCon 2023

Hacking and Defending APIs

Robert Wagner


The OWASP API Top Ten, from a red vs blue perspective. I’ll describe the issue or vulnerability, how attackers try to attack it, and how defenders can defend against it.

Importance: APIs are the wild west of application vulnerabilities right now. We’re making the same mistakes we did with web-apps 20 years ago, and are not applying what we’ve learned. Devs and SecOps people both need to work together, especially at the rate APIs are growing.

Robert Wagner

Cybersecurity consultant, cat-lover

Robert Wagner is the Field CISO at Fletch and has been a highly respected security practitioner, advisor and strategist for almost 20 years. His security experience spans defending everything from Fortune 500 companies to government agencies, major universities, and financial institutions, and he has presented and taught at security conferences around the world. He is a co-founder of the not-for-profit organization Hak4Kidz, serves on the board of the Chicago ISSA chapter, and regularly volunteers for various BSides and other hacker cons.