With Spring, it is very easy to implement APIs. Making them robust against a variety of attack types is much harder. Developers will learn about several real-world attack scenarios. Live demos will show how these can be mitigated with the help of Spring Security and appropriate design patterns.
With the increasing popularity of APIs, attacks on them are also steadily increasing. Often, design flaws such as weak authentication, lack of authorization, or unnecessarily exposing confidential data make it far too easy for attackers to reach their target. In this talk, I will discuss the most prevalent threats to modern APIs and outline recommended strategies for developers to secure their own APIs. In doing so, I will cover today's most commonly used standards and architectural styles, such as REST, GraphQL, and gRPC. Using a sample Spring Boot application, I will show practical examples of (in)secure APIs. The talk is aimed at software developers, architects, and security enthusiasts alike. Knowledge of the Java programming language and Spring Boot is helpful.