Kick off 2025 with a focus on API security.

APIs are the #1 most frequent attack vector. In this special session we'll dive into the top vulnerabilities that attackers look for and how you can find and fix flaws before they become exploits. Learn how to conduct thorough security testing, including RBAC (Role-Based Access Control) and BOLA (Broken Object Level Authorization) tests, configuring attack scenarios, running scans, and interpreting results. Dive into the integration of APIsec and Kong API Gateway and see how teams can collaborate and share their findings. We hope you enjoy this comprehensive guide to using APIsec to strengthen your API security and streamline your testing process.

Test your APIs for RBAC, ABAC, BOLA and the OWASP API top 10 for FREE today ➡️ https://www.apisec.ai/sign-up

00:00 Introduction and Welcome
00:37 Overview of API Security and PLT Tool
02:28 GraphQL API Support and Demonstration
06:13 Security Coverage and Testing Features
09:48 Postman Integration and User Questions
15:05 RBAC Testing and Demonstration
21:59 Understanding Status Codes in API Testing
22:41 Executing RBAC Scans and Viewing Logs
23:01 Role-Based Access Control (RBAC) Permissions
24:25 Running a Quick Scan and Viewing Results
27:20 Introduction to BOLA Testing
29:26 Configuring BOLA Attack Scenarios
39:08 Kong Integration Overview
43:16 Team Collaboration and Sharing Applications
44:32 Conclusion and Next Steps