Security Exposure Management in API First World
Sandeep Nain
Who am I
Sandeep Nain
VP of Security, Carta
Head of Security Partners, Meta / Facebook
Managing Principal, HPE Fortify
Advisor: Riscosity, Araali Networks
Two decades in information security
Built security organizations and comprehensive security programs
Security needs to reduce risk at low operational cost
Asset classes: Devices, Infrastructure, Software Supply Chain, Apps
Workflow: Identify Assets → Detect Vulnerabilities → Triage Vulnerabilities → Identify Remediator → Remediate Exposures
Technologies, Processes and People
Managing security exposures is an expensive manual process that fails 7/10 times
• Inefficient use of security engineers on the monotonous operational work of triaging vulnerabilities, a.k.a. identifying exposures
• Fixing non-logic security exposures is a distraction for engineers, thus leaving exposures unmitigated
• Expensive security engineers are tasked with finding the best person to fix the exposure
ESG Security Posture Management Survey 2021: organizations have experienced a cyber attack that started from an unknown, unmanaged or poorly managed asset
We need to eliminate manual operational overhead from security exposure management.
Two types of software
Eliminating manual operational overhead from security exposure management using “actuator” software
• Automatically triages security exposures and identifies the root cause
• Automatically identifies the most appropriate person for mitigation, a.k.a. the remediator
• Offers exposure remediation within engineering processes
Current tech landscape is ripe for such innovation
• Adoption of APIs by security technology vendors
• Mass adoption of API-enabled cloud infrastructure
• DevOps standardization of release management technologies with API support
Step 1: Gather data from the tech stack
Step 1: Gather disparate data from existing tech stack
Data sources: Security Products, CI/CD, Git, Infra
• Gather detailed information in graph format
• Monitor for assets and configuration changes across the organization (time series)
• Delta discovered → security exposure identified
SBOM: “…accurate and up-to-date data, provenance (i.e., origin) of software code or components, and controls on internal and third-party software components, tools, and services present in software development processes, and performing audits and enforcement of these controls on a recurring basis;”**
SBOM*
Entry Points:
• APIs
• Serverless
Third Party Code:
• Open Source Dependencies
• Commercial Libraries
• Licenses
Data Management:
• Data Types
• Data Classification
• Data format
Code Structure:
• Repositories
• Code Modules
Orchestration:
• Services
• Deployments
Infrastructure:
• Terraform
• Dockerfiles
Security Risks*
• OSS security risk assessment and SCA findings
• SAST findings
• Weaknesses in entry points
• Exposed secrets in code
• License compliance issues
• SCA and CI/CD access control weaknesses
• Infrastructure misconfigurations
• Weak branch protection rules
• Risky material changes
• Missing security tool coverage
* https://apiiro.com/blog/extended-software-bill-of-materials-xbom-sbom/
** https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
Step 2: Convert data into actionable intelligence
Step 2: Convert data into actionable intelligence
Pipeline (continued from Step 1): Security Products, CI/CD, Git, Infra → gather detailed information in a graph format → monitor for assets and configuration changes across the organization → delta discovered
Auto-triage & prioritize security exposure, using:
• EPSS score*
• Reachability analysis*
• Exploitability context
• Infrastructure context
• Time series analysis, both retrospective and predictive
Exposure root-cause discovered (technical context): an SBOM in graphical format enables you to identify the source of vulnerable assets automatically.
Identify the remediator for the exposure: resource tagging; Git blame
Code fix generated: Generative AI (LLM)
One-click remediation sent to the remediator via Slack
PR created to update asset
* https://www.phylum.io/automated-vulnerability-reachability
* EPSS: Exploit Prediction Scoring System (https://www.first.org/epss/)
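As an added worked example (it is not code from the talk, from Carta, or from any vendor named on the slides), here are Step 1 and Step 2 in plain Python: a hand-built SBOM-style graph (repositories, modules, packages, services, entry-point exposure, resource tags and git-blame records, all constructed), SCA findings with constructed EPSS-style probabilities and placeholder vulnerability ids, reachability decided by whether a module actually calls an advisory's affected symbol, a priority that scales the EPSS value by reachability and internet exposure, remediator lookup by service owner tag with git-blame fallback, and a delta step that compares two snapshots for newly discovered or resolved exposures. Every name, score and weighting factor is an assumption for illustration.

```python
"""Toy exposure-triage pipeline: graph -> prioritise -> root cause -> remediator -> action.
All data below is constructed for this example; vulnerability ids are placeholders, not CVEs."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str                    # placeholder id, not a real CVE
    package: str                    # "pkg:name@version" node in the graph
    epss: float                     # constructed EPSS-style probability in [0, 1]
    vulnerable_symbols: frozenset   # symbols the advisory says are affected
    fixed_version: str              # version that closes the exposure


# --- Step 1: the "graph format" SBOM, hand-built for this example -------------------
GRAPH = {
    # (source, relation, target) edges across repos, modules, packages and services
    "edges": [
        ("repo:payments-api", "contains", "module:payments-api/src/checkout.py"),
        ("repo:payments-api", "contains", "module:payments-api/src/reports.py"),
        ("module:payments-api/src/checkout.py", "imports", "pkg:yamlparse@1.2.0"),
        ("module:payments-api/src/reports.py", "imports", "pkg:imgutil@0.9.1"),
        ("repo:internal-tool", "contains", "module:internal-tool/main.py"),
        ("module:internal-tool/main.py", "imports", "pkg:yamlparse@1.2.0"),
        ("service:checkout", "built_from", "repo:payments-api"),
        ("service:admin", "built_from", "repo:internal-tool"),
    ],
    # symbols each module calls: the reachability-analysis input
    "calls": {
        "module:payments-api/src/checkout.py": {"yamlparse.load"},
        "module:payments-api/src/reports.py": {"imgutil.resize"},
        "module:internal-tool/main.py": {"yamlparse.safe_load"},
    },
    # entry points: which services are internet-facing
    "exposure": {"service:checkout": "internet", "service:admin": "internal"},
    # resource tags from orchestration and git blame (last committer per module)
    "tags": {"service:checkout": {"owner": "team-payments"}},
    "blame": {"module:payments-api/src/checkout.py": "alice",
              "module:internal-tool/main.py": "bob"},
}


def root_causes(graph, package):
    """Walk backwards from a vulnerable package to the modules, repos and services pulling it in."""
    out = []
    for mod in [s for s, r, t in graph["edges"] if r == "imports" and t == package]:
        repo = next((s for s, r, t in graph["edges"] if r == "contains" and t == mod), "repo:unknown")
        services = [s for s, r, t in graph["edges"] if r == "built_from" and t == repo]
        out.append((mod, repo, services))
    return out


def is_reachable(graph, module, finding):
    """Reachable if the module calls at least one symbol the advisory marks as affected."""
    return bool(graph["calls"].get(module, set()) & finding.vulnerable_symbols)


def priority(finding, reachable, exposure):
    """Constructed weighting: unreachable code and internal-only exposure scale EPSS down."""
    score = finding.epss * (1.0 if reachable else 0.2) * (1.0 if exposure == "internet" else 0.5)
    return round(score, 3)


def remediator(graph, module, services):
    """Prefer the owner tag on the deployed service; fall back to git blame on the module."""
    for svc in services:
        owner = graph["tags"].get(svc, {}).get("owner")
        if owner:
            return owner
    return graph["blame"].get(module, "unassigned")


def triage(graph, findings):
    """Step 2: turn raw findings into prioritised, owner-assigned remediation actions."""
    actions = []
    for f in findings:
        for mod, repo, services in root_causes(graph, f.package):
            reachable = is_reachable(graph, mod, f)
            exposure = "internet" if any(graph["exposure"].get(s) == "internet" for s in services) else "internal"
            actions.append({
                "vuln": f.vuln_id, "package": f.package, "root_cause": mod, "repo": repo,
                "reachable": reachable, "exposure": exposure,
                "priority": priority(f, reachable, exposure),
                "remediator": remediator(graph, mod, services),
                "action": f"bump {f.package} to {f.fixed_version} in {repo}",
            })
    return sorted(actions, key=lambda a: a["priority"], reverse=True)


def delta(previous, current):
    """Time-series step: which (vuln, root cause) pairs are newly discovered vs resolved."""
    key = lambda a: (a["vuln"], a["root_cause"])
    prev, cur = {key(a) for a in previous}, {key(a) for a in current}
    return {"new": sorted(cur - prev), "resolved": sorted(prev - cur)}


# constructed SCA findings with placeholder ids and EPSS-style probabilities
FINDINGS = [
    Finding("VULN-A", "pkg:yamlparse@1.2.0", 0.7, frozenset({"yamlparse.load"}), "1.2.1"),
    Finding("VULN-B", "pkg:imgutil@0.9.1", 0.1, frozenset({"imgutil.resize"}), "0.9.2"),
]

if __name__ == "__main__":
    for a in triage(GRAPH, FINDINGS):
        print(a["priority"], a["vuln"], a["root_cause"], "->", a["remediator"], "|", a["action"])
```

The same package (yamlparse) produces two actions with very different priorities: the internet-facing checkout module calls the affected function and lands at the top, while the internal tool only calls the unaffected safe_load and drops to the bottom, which is the triage decision a security engineer would otherwise make by hand.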
APIs enable security to reduce risk at low operational cost
Asset classes: Devices, Infrastructure, Software Supply Chain, Apps
Workflow: Identify Assets → Detect Vulnerabilities → Triage Exposures → Identify Remediator → Remediate Exposures
Technologies
Facilitate distributed security decision making
Removes pain & provides immediate value to security teams & engineers
In future, more organizations will opt for “distributed security decision making”. This will require:
• Elimination of operational work. Enrich information sourced from point solutions in SBOM format, convert it into security actions and deliver them to the right stakeholders quickly.
• Minimum friction for engineering. Usage of most security technologies drops drastically within the first few weeks due to the learning curve and friction. Such automation will meet users where they are, and hence provide maximum ROI.
Leveraging APIs to automate security exposure management will enable ‘distributed security decision making’
Thanks

 

Recently uploaded (20)

April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysis
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptx
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptx
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
Zuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxZuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptx
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFx
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323  Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323  Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data  2023Data-Analysis for Chicago Crime Data  2023
Data-Analysis for Chicago Crime Data 2023
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
Smarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxSmarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptx
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
 

INTERFACE by apidays 2023 - Security Exposure Management in API First World, Sandeep Nain, Carta

  • 1. Security Exposure Management in API First World Sandeep Nain
  • 2.
  • 3. Who am I: Sandeep Nain. VP of Security, Carta; Head of Security Partners, Meta / Facebook; Managing Principal, HPE Fortify; Advisor: Riscosity, Araali Networks. Two decades in information security. Built security organizations and comprehensive security programs.
  • 4. Security needs to reduce risk at low operational cost. Asset classes: Devices, Infrastructure, Software Supply Chain, Apps. Pipeline: Identify Assets, Detect Vulnerabilities, Triage Vulnerabilities, Identify Remediator, Remediate Exposures. Covering both Technologies and Processes and People.
  • 5. Managing security exposures is an expensive manual process that fails 7/10 times. Inefficient use of security engineers on monotonous operational work of triaging vulnerabilities (a.k.a. identifying exposures); fixing non-logic security exposures is a distraction for engineers, thus leaving exposures unmitigated; expensive security engineers are tasked to find the best person to fix the exposure. Source: ESG Security Posture Management Survey 2021: organizations have experienced a cyber attack that started from an unknown, unmanaged or poorly managed asset.
  • 6. We need to eliminate manual operational overhead from security exposure management.
  • 7. Two types of software
  • 8. Eliminating manual operational overhead from security exposure management using “actuator” software: automatically triages security exposures and identifies the root cause; automatically identifies the most appropriate person for mitigation (a.k.a. remediator); offers exposure remediation within engineering processes.
  • 9. Current tech landscape is ripe for such innovation: adoption of APIs by security technology vendors; mass adoption of API-enabled cloud infrastructure; DevOps standardization of release management technologies with API support.
  • 10. Step 1: Gather data from the tech stack
  • 11. Step 1: Gather disparate data from existing tech stack. Gather detailed information in graph format from CI/CD, Git, Infra and Security Products; monitor for assets and configuration changes across the organization (time series); when a delta is discovered, a security exposure is identified.
  • 12. Step 1: Gather disparate data from existing tech stack (same pipeline as slide 11), with the data an SBOM* should carry:
    • SBOM: “accurate and up-to-date data, provenance (i.e., origin) of software code or components, and controls on internal and third-party software components, tools, and services present in software development processes, and performing audits and enforcement of these controls on a recurring basis;”**
    • Entry Points: APIs; Serverless
    • Third Party Code: Open Source Dependencies; Commercial Libraries; Licenses
    • Data Management: Data Types; Data Classification; Data format
    • Code Structure: Repositories; Code Modules
    • Orchestration: Services; Deployments
    • Infrastructure: Terraform; Dockerfiles
    • Security Risks*: OSS security risk assessment and SCA findings; SAST findings; Weaknesses in entry points; Exposed secrets in code; License compliance issues; SCA and CI/CD Access control weaknesses; Infrastructure misconfigurations; Weak branch protection rules; Risky material changes; Missing security tool coverage
    * https://apiiro.com/blog/extended-software-bill-of-materials-xbom-sbom/
    ** https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
  • 13. Step 2: Convert data into actionable intelligence
  • 14. Step 2: Convert data into actionable intelligence. The Step 1 pipeline (gather detailed information in a graph format from CI/CD, Git, Infra and Security Products; monitor for assets and configuration changes across the organization; delta discovered; time series) now auto-triages and prioritizes the identified security exposure using Exploitability Context: EPSS Score*, Reachability Analysis** (code and infrastructure), Retrospective and Predictive signals. *EPSS: Exploit Prediction Scoring System (https://www.first.org/epss/). **Reachability Analysis: https://www.phylum.io/automated-vulnerability-reachability
  • 15. Step 2 (continued): Exposure root-cause discovered (Technical Context). SBOM in graphical format enables you to identify the source of vulnerable assets automatically.
  • 16. Step 2 (continued): Identify the remediator for the exposure: resource tagging; Git blame.
  • 17. Step 2 (continued): Code fix generated by Generative AI (LLM) (Infrastructure).
  • 18. Step 2 (continued): One-click remediation sent to the remediator via Slack.
  • 19. Step 2 (continued): PR created to update asset.
  • 20. APIs enable security to reduce risk at low operational cost. Asset classes: Devices, Infrastructure, Software Supply Chain, Apps. Pipeline: Identify Assets, Detect Vulnerabilities, Triage Exposures, Identify Remediator, Remediate Exposures. Technologies facilitate distributed security decision making; this removes pain and provides immediate value to security teams and engineers.
  • 21. In future, more organizations will opt for “distributed security decision making”. This will require: • Elimination of operational work: enrich information sourced from point solutions in SBOM format, convert it into security actions and deliver them to the right stakeholders quickly. • Minimum friction for engineering: usage of most security technologies drops drastically within the first few weeks due to the learning curve and friction; such automation will meet the users where they are, and hence provide maximum ROI. Leveraging APIs to automate security exposure management will enable ‘distributed security decision making’.
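As an added example (not from the slides, nor Carta's or any vendor's tooling), a minimal "actuator" triage step in Python for the Step 1/Step 2 pipeline above: the xBOM is modeled as a graph of constructed nodes and edges (hypothetical names), findings are ranked by reachability and EPSS, the root-cause repository is found by walking the graph, and the remediator is resolved by resource tag with git blame as the fallback, which is the hand-off data the Slack message and PR would carry.

```python
from collections import namedtuple
# Constructed xBOM graph (hypothetical node names): node -> attributes.
XBOM = {
    "svc:payments":       {"kind": "service"},  # deliberately untagged: forces the git-blame fallback
    "pkg:lodash@4.17.15": {"kind": "oss_dependency", "manifest": "package.json"},
    "pkg:leftpad@1.0.0":  {"kind": "oss_dependency", "manifest": "package.json"},
    "tf:payments-db":     {"kind": "terraform", "manifest": "db.tf", "owner_tag": "team-platform"},
    "git:payments":       {"kind": "repository", "blame": {"package.json": "alice"}},
    "git:infra":          {"kind": "repository", "blame": {"db.tf": "bob"}},
}
# Constructed edges (source, target, relation); walked in reverse they answer "who pulls this in?".
EDGES = [
    ("svc:payments", "pkg:lodash@4.17.15", "depends_on"),
    ("svc:payments", "pkg:leftpad@1.0.0", "depends_on"),
    ("svc:payments", "git:payments", "built_from"),
    ("svc:payments", "tf:payments-db", "deploys_with"),
    ("tf:payments-db", "git:infra", "built_from"),
]

# One scanner finding: placeholder vuln id (not a real CVE), flagged xBOM node,
# constructed EPSS probability (0.0 for a misconfiguration) and reachability result.
Finding = namedtuple("Finding", "vuln_id asset epss reachable")
def owning_service(asset):
    """Breadth-first walk up depends_on / deploys_with edges to the service that pulls the asset in."""
    frontier, seen = [asset], set()
    while frontier:
        n = frontier.pop(0)
        if XBOM[n]["kind"] == "service":
            return n
        seen.add(n)
        frontier += [s for s, t, r in EDGES if t == n and r != "built_from" and s not in seen]
    return None
def root_cause(asset):
    """Repository defining the asset: follow built_from from the asset itself (IaC) or from its service."""
    start = asset if XBOM[asset]["kind"] == "terraform" else owning_service(asset)
    return next((t for s, t, r in EDGES if s == start and r == "built_from"), None)
def remediator(asset):
    """Resource tagging first (asset, then owning service); git blame on the defining manifest as fallback."""
    for n in (asset, owning_service(asset)):
        if n and XBOM[n].get("owner_tag"):
            return XBOM[n]["owner_tag"]
    repo = root_cause(asset)
    return XBOM[repo]["blame"].get(XBOM[asset].get("manifest")) if repo else None
def triage(findings, epss_floor=0.1):
    """Reachable findings first (P1), then by EPSS (P2 above the floor, else P3); attach the hand-off data."""
    ranked = sorted(findings, key=lambda f: (f.reachable, f.epss), reverse=True)
    return [{"vuln": f.vuln_id, "priority": "P1" if f.reachable else "P2" if f.epss >= epss_floor else "P3",
             "root_cause": root_cause(f.asset), "remediator": remediator(f.asset)} for f in ranked]

FINDINGS = [  # constructed scanner output, as a security product would return it over its API
    Finding("VULN-EXAMPLE-1", "pkg:lodash@4.17.15", epss=0.02, reachable=True),
    Finding("VULN-EXAMPLE-2", "pkg:leftpad@1.0.0", epss=0.40, reachable=False),
    Finding("VULN-EXAMPLE-3", "tf:payments-db", epss=0.0, reachable=True),
]
```

`triage(FINDINGS)` returns the ranked list with root cause and remediator per finding; each row is what the one-click Slack remediation and the auto-created PR would be addressed with.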