Scanning APIs with OAS 2.0 (Swagger):

The Open API Specification is a relative newcomer in the history of web service interface documentation. It stands apart from its predecessors by not tying itself to a specific vendor technology, and aims to embrace all forms of RESTful HTTP. Leveraging this powerful specification for automated scanning of APIs will save time by providing a straightforward mechanism to evaluate APIs without having to proxy traffic or manually build attack vectors.

Topics covered

• What is the OpenAPI Specification (Swagger)
• How Swagger/REST relates to SOAP/XML
• Tools for converting to/from swagger to 'X'.
• Scanning a simple RESTful JSON based API with Swagger
• Swaggering the SDLC.

Speaker

Scott Davis
Rapid7
Application Security Researcher
Portland, Oregon Area

Scott has been developing software professionally for over 15 years in a variety of contexts and technologies including wireless sensor networks, robotics, migration modeling & visualization, ERP, interactive projection art, product development and security services. Scott has spent as many years focusing on the security aspects of these technologies, and has leveraged this background to lead the engineering security team at Webtrends for several years. Currently, he serves as Application Security Research for Rapid7.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.