Tanya Janca

Security Evangelist


Tanya Janca is a senior cloud advocate for Microsoft, specializing in application security. She evangelizes software security and advocates for developers through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events. As an ethical hacker, OWASP Project and Chapter Leader, software developer, effective altruist and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.

Workshop: Hacking APIs and the MEAN Stack with OWASP DevSlop

Modern applications often use APIs and other microservices to deliver faster and better products and services. However, there are currently few training grounds for security testing in such areas. In comes DevSlop, OWASP's newest project, a collection of DevOps security disasters made as a vulnerable testing and proving ground for developers and security testers alike. DevSlop's Pixi, the first of many entries to come for this OWASP project, will be demonstrated and presented for participants' hacking and learning pleasure. Pixi consists of vulnerable web services, and participants will be walked through how to exploit several of its vulnerabilities so they can learn how to do better when they create their own web services and other types of APIs from now on.

What will be discussed?

MEAN Stack, API and Web Service Hacking & OWASP Project DevSlop

What will attendees learn from attending this session?

How to hack APIs and web services manually

Items attendees are required to bring with them

A laptop with a web proxy and a modern web browser (Chrome or Firefox are great). Admin privileges on your machine, and the ability to install software. If possible, install VirtualBox or VMware, Docker, GitHub and Postman on your machine in advance. If you don’t have them, we will get them for you, don’t worry. Windows and Mac OS are supported for this workshop; if you have Linux you’ll probably be fine, but we make no guarantees.