BSidesPDX-2025

Instant API Hacker
2025-10-24, Talk 2

"Instant API Hacker" is a fast-paced, 20-minute presentation that demonstrates how quickly someone can learn to identify and exploit API vulnerabilities. Led by Corey Ball, author of "Hacking APIs" and founder of APIsec University and hAPI Labs, the talk provides a practical introduction to API security testing using real-world tools and techniques. Attendees will witness the exploitation of critical vulnerabilities from the OWASP API Security Top 10, including broken authentication, authorization flaws (BOLA), and excessive data exposure. Through live demos using the crAPI vulnerable lab, participants will see firsthand how APIs can be compromised and gain actionable insights they can apply immediately. The presentation concludes with free resources for continued learning, including access to vulnerable labs and APIsec University courses.

This presentation is designed for anyone interested in API security, regardless of experience level:

Developers who want to understand how their APIs can be attacked
Security professionals seeking to add API testing to their skillset
IT managers and leaders who need to understand API security risks
Students and beginners curious about getting started in API security
Anyone interested in cybersecurity and how modern applications can be compromised

No prior API hacking experience required.

Corey Ball is the author of Hacking APIs and founder of APIsec University, a completely free learning platform with over 120,000 students. He was the winner of the SANS Difference Makers Award for book of the year. With over 15 years of experience in IT and cybersecurity, Corey now leads penetration testing as the CEO of hAPI Labs.