Web application security remains extremely hard despite 20 years of numerous efforts, tools, companies and methodologies. SOAP web services had security built in but failed due to complexity. REST JSON APIs took over the world but unfortunately sacrificed security along the way. This talk will look at the OpenAPI specification and other standards that aim to deliver structured security to the world of APIs.
Learning Objectives:
1: Understand why various approaches to web application security have failed.
2: Understand how APIs are different and what their advantages are.
3: Understand how to leverage these advantages to avoid making the same mistake.