September 23, 2023
InfosecGirls Session - 23rd September, 2023
Topic: API security — authentication patterns, rate limiting, abuse cases, and testing APIs consistently in pre-production.
Summary
- Auth patterns: OAuth2/OIDC pitfalls, token lifetimes, and scope validation.
- Rate limiting and abuse detection: per-user, per-IP, and burst handling.
- Abuse cases beyond OWASP API Top 10: scraping, credential stuffing, and partner misuse.
- Pre-prod testing: contract tests, fuzzing, and schema validation in CI.
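To make the rate-limiting bullet concrete, the following is an added example (not material from the session or its speakers): a per-key token-bucket limiter in Python that keeps separate budgets for a user id and for a client IP, where the bucket capacity is the permitted burst and the refill rate is the sustained request rate. The `ApiGuard` wrapper, the capacities, the `FakeClock` and the sample user and IP values are all assumptions chosen for illustration; the limiter is in-memory and single-process, so a real deployment would back the buckets with a shared store.

```python
from __future__ import annotations

import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class _Bucket:
    tokens: float  # tokens currently available
    last: float    # clock reading at the last refill


class RateLimiter:
    """Token-bucket limiter keyed by an arbitrary string (user id, client IP, ...).

    capacity       = maximum burst a key may spend at once
    refill_per_sec = sustained rate at which tokens return
    """

    def __init__(self, capacity: int, refill_per_sec: float,
                 clock: Callable[[], float] = time.monotonic):
        self.capacity = float(capacity)
        self.refill = float(refill_per_sec)
        self.clock = clock
        self._buckets: Dict[str, _Bucket] = {}

    def allow(self, key: str) -> bool:
        now = self.clock()
        bucket = self._buckets.get(key)
        if bucket is None:
            # A new key starts with a full bucket, i.e. it may burst immediately.
            bucket = _Bucket(tokens=self.capacity, last=now)
            self._buckets[key] = bucket
        # Refill in proportion to elapsed time, never above capacity,
        # so an idle key cannot bank an unbounded burst.
        elapsed = max(0.0, now - bucket.last)
        bucket.tokens = min(self.capacity, bucket.tokens + elapsed * self.refill)
        bucket.last = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False


class ApiGuard:
    """Applies a per-IP limit, then a per-user limit, and counts denials per key
    so that a key that is repeatedly denied can be surfaced as an abuse signal."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        # Capacities are illustrative assumptions, not recommended values.
        self.per_ip = RateLimiter(capacity=100, refill_per_sec=20.0, clock=clock)
        self.per_user = RateLimiter(capacity=20, refill_per_sec=5.0, clock=clock)
        self.denials: Dict[str, int] = {}

    def check(self, user_id: Optional[str], client_ip: str) -> Tuple[bool, str]:
        # The IP bucket is charged first, so unauthenticated traffic is bounded
        # even when no user id is present.
        ip_key = f"ip:{client_ip}"
        if not self.per_ip.allow(ip_key):
            self.denials[ip_key] = self.denials.get(ip_key, 0) + 1
            return False, "ip_limit"
        if user_id is not None:
            user_key = f"user:{user_id}"
            if not self.per_user.allow(user_key):
                self.denials[user_key] = self.denials.get(user_key, 0) + 1
                return False, "user_limit"
        return True, "ok"


class FakeClock:
    """Constructed, deterministic clock so the example runs offline and repeatably."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    guard = ApiGuard(clock=clock)
    # Constructed sample: one user sending a 25-request burst from one address.
    outcomes = [guard.check("alice", "203.0.113.7") for _ in range(25)]
    print(outcomes.count((True, "ok")), "allowed,",
          outcomes.count((False, "user_limit")), "denied by the per-user bucket")
    clock.advance(1.0)  # one second later, 5 tokens have returned
    print(guard.check("alice", "203.0.113.7"))
```

The two-level check is the point of the "per-user, per-IP" distinction: a single account spraying requests is stopped by its own bucket, while many accounts behind one address (or unauthenticated traffic) are bounded by the address bucket, and the denial counters give detection a cheap, per-key signal to alert on.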