Speaker "Abraham Kang" Details

Topic

RESTing on Your Laurels Will Get You Pwned

Abstract

Now, almost every company that wants to expose services or an application programming interface does it using a publicly exposed REST API. In addition, almost every NoSQL database provides REST APIs. This talk will give participants the skills they need to identify and understand REST vulnerabilities. The findings are a result of reviewing production REST applications as well as researching popular REST frameworks.

Profile

Abraham Kang is fascinated with the nuanced details associated with programming languages and their associated APIs. Abraham has a B.S. from Cornell University. He currently works for Samsung as a Software Director helping to drive security across new products and services. Prior to joining Samsung, Abraham worked as Principal Security Researcher for HP Fortify in their Software Security Research group. Prior to joining Fortify, Abraham worked with application security for over 10 years, reviewing over 12 million lines of code, and working over 4 years as a dedicated security code reviewer at Wells Fargo. He is focused on application, framework and mobile security and has presented his findings at Blackhat U.S.A., DEFCON, RSA, OWASP AppSec U.S.A., Baythreat, BSIDES, and HP Protect.