YouTube

Self-Discovering API Key Permissions and Resources

OWASP Foundation via YouTube

Overview

This talk from OWASP Foundation explores a novel approach to API security assessment called "self-discovery." Learn how to enumerate permissions and resources associated with API keys without accessing provider UIs—critical knowledge for security analysts prioritizing credential rotation. Over 43 minutes, security experts Joseph Leon and Dylan Ayrey demonstrate meticulous techniques for assessing SaaS provider permissions and scopes, including string analysis and HTTP request brute forcing. The presentation culminates with a demonstration of a new open-source tool that automates the discovery process, helping security teams better understand the potential impact of exposed credentials.

Syllabus

Self-Discovering API Key Permissions and Resources - Joseph Leon, Dylan Ayrey

Taught by

OWASP Foundation
