https://www.linkedin.com/company/hackrfi
@hackrfi
API Security Risk Management with Bug Bounties
5.6.2019
Lea Viljanen
ladybug@hackr.fi
APIS, BUSINESS AND RISKS
© Hackrfi Oy 2018 - Public, 5.6.2019
Getting the business value
• To get the business benefits, you need to expose your APIs
o …to internal parties
o …to external partners
o …to the general public
• Exposure brings risks!
Some key API risks
• Fraudulent transactions
o Loss of resources/reputation
• Leaks of personally identifiable information (PII)
o Can lead to monetary sanctions due to EU GDPR
• Denial of Service attacks
o May have direct impact on revenue
Risks vs benefits
• Modern security is all about saying YES and managing the risk.
• What tools do we have to get API risks to an acceptable level?
SOLUTIONS
The traditional M&M method
• Firewalls
• DMZs
• VPNs
But what if we need co-operation with a changing number of API consumers in the ecosystem?
Perimeter protection
Defence in depth
• Perimeter protection
• Endpoint protection
• Software & API controls
• Processes
o Not just to prevent, but also to detect!
[Diagram: Multiple layers of security (People / Processes, SW, HW, DATA)]
Perimeter can be more open because of other controls – this allows for co-operation and ecosystem memberships
Key processes for API security
• Secure coding
• Vulnerability management
• Audit management
• Intrusion detection
• Incident management
This image, by Unknown author, license: CC BY-SA
AGILE VULNERABILITY DISCOVERY
How to discover vulnerabilities?
• Incidents … oops!
• Error reports from staff, users, API consumers, third parties
• Security audits and reviews
• … and bug bounties!
Bug bounty program – what?
• An organisation pays security researchers (i.e. hackers) if they report a vulnerability in a responsible manner.
• Target can be from the whole infrastructure to a platform to a single app and its API
• Payment sum can vary, typically from thousands to hundreds
Key benefits
• A bug bounty encourages hackers to report issues before the criminals take advantage
• Cost effective – only real vulnerabilities get bounties
• Public programs increase third-party trust in your services
• Much more agile than traditional audits
Audits vs bug bounties
Traditional audits
• Is limited by time (work days)
• Is limited by money (pre-approved budget)
• Is limited by expertise of the couple of people doing the testing
• Gives results at one point in time
Bug bounty
• Hackers don’t count hours
• Hackers are paid only if they find results
• Community hackers have variable expertise.
• Can be run continuously
Bug bounty cons
• Your processes need to be mature to handle incoming reports
o Bad reputation for being a black hole or not paying
• Setting up the program and communicating with hackers takes resources
• Works best with public targets
Different types of programs
Private Open
Public Open
Private Closed
Public Closed
- Not disclosed in public, need to know only
- Invited participants only
- Publicly visible
- Anyone can join and submit reports
- Publicly visible
- Participants are selected
- Invitation only
- By application
How to go about it?
• Decide
o Target, rules, payment structure
o Type of program
o Publish it
• Receive reports
o Contact point
o Triage
o Evaluate
• Acceptance
o Decide bounty amount
o Communicate
o Pay
• Remediate
o Prioritize
o Assess risk vs time & costs to fix
o Communicate

THANK YOU!
https://www.linkedin.com/company/hackrfi
ladybug@hackr.fi
@leaviljanen

apidays Singapore 2023 - Changing the culture of building software, Aman Dham...
 
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
 
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBMapidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
 
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
 
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartnerapidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
 
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
 
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
 
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IOApidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
 
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
 
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
 
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
 
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
 
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
 
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
 

Recently uploaded

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 

Recently uploaded (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 

APIdays Helsinki 2019 - API Security Risk Management with Bug Bounties with Lea Viljanen, Hackrfi

  • 3. Getting the business value
      • To get the business benefits, you need to expose your APIs
          o …to internal parties
          o …to external partners
          o …to the general public
      • Exposure brings risks!
  • 4. Some key API risks
      • Fraudulent transactions
          o Loss of resources/reputation
      • Leaks of personally identifiable information (PII)
          o Can lead to monetary sanctions due to EU GDPR
      • Denial of Service attacks
          o May have direct impact on revenue
  • 5. Risks vs benefits
      • Modern security is all about saying YES and managing the risk.
      • What tools do we have to get API risks to an acceptable level?
  • 7. The traditional M&M method
      • Firewalls
      • DMZs
      • VPNs
      But if we need co-operation with a changing number of API consumers in the ecosystem?
      [Figure: Perimeter protection]
  • 8. Defence in depth
      • Perimeter protection
      • Endpoint protection
      • Software & API controls
      • Processes
          o Not just to prevent, but also to detect!
      [Figure: Multiple layers of security (People / Processes, SW, HW, DATA)]
      Perimeter can be more open because of other controls – this allows for co-operation and ecosystem memberships
  • 9. Key processes for API security
      • Secure coding
      • Vulnerability management
      • Audit management
      • Intrusion detection
      • Incident management
      [Image by unknown author, licence: CC BY-SA]
  • 11. How to discover vulnerabilities?
      • Incidents … oops!
      • Error reports from staff, users, API consumers, third parties
      • Security audits and reviews
      • … and bug bounties!
  • 12. Bug bounty program – what?
      • An organisation pays security researchers (i.e. hackers) if they report a vulnerability in a responsible manner.
      • Target can be from the whole infrastructure to a platform to a single app and its API
      • Payment sum can vary, typically from thousands to hundreds
  • 13. Key benefits
      • A bug bounty encourages hackers to report issues before the criminals take advantage
      • Cost effective – only real vulnerabilities get bounties
      • Public programs increase third-party trust in your services
      • Much more agile than traditional audits
  • 14. Audits vs bug bounties
      Traditional audits
      • Is limited by time (work days)
      • Is limited by money (pre-approved budget)
      • Is limited by expertise of the couple of people doing the testing
      • Gives results at one point in time
      Bug bounty
      • Hackers don’t count hours
      • Hackers are paid only if they find results
      • Community hackers have variable expertise.
      • Can be run continuously
  • 15. Bug bounty cons
      • Your processes need to be mature to handle incoming reports
          o Bad reputation for being a black hole or not paying
      • Setting up the program and communicating with hackers takes resources
      • Works best with public targets
  • 16. Different types of programs
      Private Open, Public Open, Private Closed, Public Closed
      - Not disclosed in public, need to know only
      - Invited participants only
      - Publicly visible
      - Anyone can join and submit reports
      - Publicly visible
      - Participants are selected
      - Invitation only
      - By application
  • 17. How to go about it?
      • Decide
          o Target, rules, payment structure
          o Type of program
          o Publish it
      • Receive reports
          o Contact point
          o Triage
      • Evaluate
          o Acceptance
          o Decide bounty amount
          o Communicate
          o Pay
      • Remediate
          o Prioritize
          o Assess risk vs time & costs to fix
          o Communicate