The task to create and maintain secure applications, or fixing existing applications, can be difficult. It is no different for APIs. This session will give you an overview and working understanding on how to develop secure APIs and Web applications.

We will look at the most common problems and mistakes and how they map to things like the OWASP findings.

If we look at the OWASP 2023 API security Top 10 attacks, 3 out of the top 5 issues are around access control. Why is access control so hard to get right and what options do we have?

This session is filled with live examples in dotnet and you will learn how to fix them.