Defending APIs with Jim Manico – Episode 1
November 10, 2022 | 9am PST | 5pm BST
Join Jim Manico, CEO of Manicode and Colin Domoney from 42Crunch, as they deliver a 2-part webinar series to help developers better defend APIs.
Episode 1: Request Forgery on the Web - CSRF & SSRF
In this first episode Jim and Colin will discuss request forgery and how to prevent it. This technical talk is intended for the software developer who needs to build secure web applications and APIs. it will cover the two variants of request forgery — client-side (CSRF) and server-side (SSRF).
- CSRF is most widely associated with vulnerable web applications that trick a user in a client browser into submitting transactions they never intended to use in their current authenticated session. We will discuss historical CSRF attacks and investigate various well-proven defense strategies. For API developers we will investigate whether APIs are vulnerable to CSRF, and how to prevent it.
- SSRF attacks allow a malicious client to trick a vulnerable server into submitting requests to an unintended location, typically by submitting malformed URLs in payloads and relying on vulnerabilities in the URL parsing code. We will discuss prevention strategies and examine some well-known examples. For API developers, we will investigate ways in which SSRF can be directed at vulnerable APIs and examine a few recent API breaches and the latest research.
Developer Advocate & API Security Researcher
Watch the Webinar
Partnered with: Manicode Security