GraphQL Vulnerabilities in the Wild: A Hands-On Workshop with OWASP TOP 10 Insights

Welcome to OWASP Tunisia Chapter!

Join Antoine Carossio, Co-founder & CTO of Escape, the leading Application Security Testing startup, for an immersive, hands-on workshop focused on the OWASP TOP 10 and GraphQL vulnerabilities. This session provides a rare opportunity to engage directly with the cutting-edge challenges and solutions in the ever-evolving world of GraphQL security.

Drawing on extensive research into real-world production GraphQL endpoints, Antoine will guide you through the complex security landscape of GraphQL. With his deep expertise in offensive security, Antoine will share valuable insights and proactive strategies to tackle today’s most critical vulnerabilities.

Antoine and his team have invested over 500 hours in chaos engineering across more than 1500 GraphQL endpoints, uncovering over 46,000 security flaws, including critical vulnerabilities that expose sensitive data without authentication. In this hands-on workshop, you’ll dive deep into these findings and learn the tools and methodologies needed to secure your own GraphQL implementations.

The session will explore the OWASP TOP 10 vulnerabilities and how they intersect with GraphQL’s unique security challenges. From complexity issues and schema leaks to traditional API security flaws like injections and internal server errors, you’ll gain a comprehensive understanding of potential threats. Real-world case studies will illustrate the severe impact of data leaks, including personal information, secrets, and tokens.

You’ll leave the workshop equipped with practical skills and tools, including GraphQL Armor and a detailed security checklist, to help you proactively safeguard your GraphQL applications. This session is crucial for developers, security professionals, and SREs who want to confidently navigate the intricate waters of GraphQL security.

About our speaker

Antoine is the co-founder of Escape, backed by Y Combinator, the prestigious startup accelerator, and celebrated on the Forbes 30 Under 30 list for revolutionizing Application Security. From hacking computers for fun in his early days to co-founding Escape as CTO, Antoine's path took him through Ecole Polytechnique (Paris) and UC Berkeley (California), and then to Apple, where he worked as a Machine Learning Engineer. Antoine is also a recognized figure in the tech industry, sharing his knowledge by speaking at major international conferences such as the InCyber Forum, BSides, APIdays, and the GraphQL Conference.

Nihel Ben Youssef
OWASP Tunisia Chapter leader