An ever-increasing number of applications have released public and private APIs, enabling awesome programmatic features to be released internally and to the world. Unfortunately, the ubiquity of APIs is a double-edged sword -- and security risks are often ignored. This talk introduces the OWASP API Security Project, including the Top Ten API Security Risks, and explains how contributors of many skill levels can get involved.

As a Senior Security Engineer at Bugcrowd, Leif Dreizler works to build the internal security program and customize and security testing solutions for Bugcrowd clients. Prior to Bugcrowd, Leif spent over two years as a Senior Application Security Engineer at Redspin, performing application security assessments. He also served as the Application Security Team Lead, interfacing with clients at the engineering and sales level.

David has extensive experience in many areas of information security. Beginning his career as a Network Security Analyst, David monitored perimeter firewalls and intrusion detection systems to identify and neutralize threats in real time. In 2009, David joined Redspin and worked as a Senior Security Engineer, Director of Penetration Testing, and Senior Director of Engineering. He then led Redspin's technical teams as CTO and VP of Professional Services. David is currently the Chief Information Security Officer at AppFolio. David has been a speaker at ToorCon, LayerOne, DEF CON, NolaCon, THOTCON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle.

@dshaw_

Recorded at NolaCon 2016