OWASP San Antonio Chapter Meeting

When:  Jul 19, 2024 from 11:00 to 14:00 (CT)
Associated with  San Antonio Chapter

Details

Topics- See abstracts below

  • Securing APIs in the Cloud
  • The top API threats seen in the first quarter of 2024
  • Salesforce Security Pen Testing

Lunch Provided

Small fee for parking (est. $5-$7.50) at the Bauerle Road Garage on the UTSA campus

University Room 2.06.04 - Business Building, John Peace Library, 1 UTSA Circle, San Antonio, TX 78249

ZOOM link provided for remote attendees

We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity!
Please feel free to pass this information on to your peers and team members.
Please reply “ONSITE” if you plan on attending in person so we can finalize headcount for food and room attendance 😊

Presentations will include:
I. Presentation on the API Lifecycle - Optiv
A review of an API lifecycle graphic, providing a baseline understanding of the API journey.
II. Securing APIs in the Cloud: Insights and Best Practices - Palo Alto Networks
This presentation explores the current state of API security in the cloud, covering industry trends and common challenges organizations face. It delves into effective strategies for API discovery, risk profiling, and real-time protection, providing practical insights and best practices to enhance API security. The discussion will highlight key concerns such as inadequate authentication, lack of visibility, and poor endpoint management, aiming to equip attendees with the knowledge to better secure their API ecosystems.
III. API ThreatStats™ Report Q1 2024 Spotlight: Why API Security Is The First Thing For Enterprise AI - Wallarm
The Wallarm Research Team has analyzed billions of data points to identify the top API vulnerabilities and exploits for the 1st quarter of 2024, shining a spotlight on the rising threat of API attacks targeting AI applications. The report explores the top significant threats, identifies key trends, and provides actionable insights that can help you strengthen your API Security program, with an emphasis on identifying and protecting your AI applications from API security issues.
IV. Salesforce Pen-testing - Rodney Beede
Topic 2 - PaaS Cloud Goat is a simulated vulnerable Salesforce application that provides hands-on experience with penetration testing of custom Salesforce applications. The tool is similar to other test tools such as AWS CloudGoat, CloudFoxable, AzureGoat, GCPGoat, and Pen-Testing Cloud REST APIs in OpenStack. It is not, however, a tool for attacking Salesforce.com itself. It is novel because it focuses on custom applications deployed on the Salesforce platform and is the first tool to provide lab exercises with a collection of security tests. The main takeaways:
1. A hands-on learning opportunity covering security tests for a custom Salesforce application
2. Detailed training documentation on the underlying flaws to look for
3. A single consolidated list of common Salesforce application vulnerabilities

Tags: Network Security, OWASP, Application Security, Web Application Security, Information Security

Speaker

See Below

Securing APIs in the Cloud: Insights and Best Practices
Jonathan Brown is a Solutions Architect at Palo Alto Networks, specializing in Prisma Cloud. With over 15 years of experience in technology, Jonathan has a deep understanding of traditional enterprise architecture and the security challenges organizations face as they transition to the cloud. Before joining Palo Alto Networks, Jonathan worked as an infrastructure engineer in data centers and at Twistlock, a pioneer in Cloud Native Security for Containers, acquired by Palo Alto Networks in 2019. At Palo Alto Networks, Jonathan focuses on helping organizations secure their cloud environments through comprehensive security strategies and cutting-edge technologies.

API ThreatStats™ Report Q1 2024 Spotlight: Why API Security Is The First Thing For Enterprise AI - Wallarm
James Vandenbossche is a Silicon Valley veteran with over 25 years of experience as a Solution Architect specializing in cybersecurity, DevSecOps, and APM. He is passionate about real-time security protection solutions that prevent cyber attacks, and at Wallarm he currently helps customers protect their entire API and web application portfolios across multi-cloud, on-premises, and cloud-native environments.

Salesforce Pen-testing
Rodney Beede https://www.rodneybeede.com/curriculum%20vitae/bio.html
• Principal consultant
• Cloud security testing for more than 10 years
• Multiple CVEs discovered
• Started as a J2EE software developer
• M.S. in C.S. - "A Framework for Benevolent Computer Worms" (2012)
• Coalfire, Rackspace, Seagate, HP, Cisco, RiskMetrics (MSCI)
• Presenter at: BSides, InnoTech, Black Hat