Join F5 for this special interactive Capture the Flag competition where you will join with your peers to hunt for API vulnerabilities. See who has what it takes to identify vulnerable APIs and ultimately Capture the Flag!

Featured Speakers:

• Peter Scheffler, Senior Solutions Architect, F5
• Arnulfo Hernandez, Solutions Architect, F5

In this lab and Capture the Flag exercise, you will learn how to identify and mitigate:

• Hard-Coded Secrets: Many applications exchange user credentials for a hard-coded token or key.
• Broken Authorization: Providing blanket access to the API keys has proven detrimental to multiple mobile and web applications.
• Data Access Control on User Interface (UI): APIs can pull more data from a server than an app is authorized to share.
• Security Check for User Interface (UI): Checks are built into the UI, but they can be circumvented with man-in-the-middle tools or API tools.
• Weak Tokens: JSON Web Token (JWT) without a proper cryptographic signing mechanism can lead to privilege escalation.
• Credential Stuffing: Bots can be used to scrape APIs for data or used to validate stolen credentials.
• Version Troubles: APIs are often changed to add functionality or remove unused features.