Need More Sleep? REST Could Help - Drew Branch Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Need More Sleep? REST Could Help
Drew Branch
Derbycon 2016

Increasingly, RESTful APIs are used to provide a communication channel through which web servers and clients exchange data over HTTP(S). Historically, SOAP APIs served this purpose; however, their implementation, client development, and documentation have proved more complicated than those of REST. Further, REST offers greater performance and scalability than SOAP, which adds to the benefits of using RESTful APIs. In this talk, key differences between SOAP and REST and core REST concepts will be discussed, as well as testing methodologies and techniques that an analyst or developer can use to discover vulnerabilities in implementations of RESTful APIs. Burp Suite will be used to demonstrate testing of the focus areas of interest in a RESTful API, which include authorization and input validation. Attendees should leave this talk with a firm understanding of RESTful APIs, how they are implemented, and how to assess RESTful APIs for vulnerabilities.

Drew Branch is an Associate Security Analyst for Independent Security Evaluators, where he is challenged with assessing Fortune 500 companies' implementations of security such as DRM systems, cryptography, and secure configurations/development within mobile and web applications, etc. Currently, Mr. Branch holds a B.S. in Electrical/Computer Engineering from Morgan State University and an M.S. in Cybersecurity from the University of Maryland, Baltimore County. He is a cutting-edge technology enthusiast with a passion for security in all aspects and is intrigued with how things work and how to break them.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast