SlideShare a Scribd company logo

2022 APIsecure_Top Ten Security Tips for APIs

Download as PPTX, PDF
APIsecure_ Official
APIsecure_ Official

APIsecure - April 6 & 7, 2022 APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security. Top Ten Security Tips for APIs Tanya Janca, CEO and Founder at WeHackPurple

Technology
1 of 27
@SheHacksPurple Top Ten Security Tips for APIs Tanya Janca CEO & Founder We Hack Purple Advisor @ Bright Security
@SheHacksPurple • APIs rule the web, but they are being attacked • Top Ten API Security Best Practices • Resources • PDF of this talk’s 10 tips • Free Mini Course What are we going to talk about today? Photo by Dex Ezekiel on Unsplash
@SheHacksPurple Tanya Janca About Me • Technical Advisor at Bright Security • CEO & Founder @ We Hack Purple • AKA @SheHacksPurple • Author: Alice and Bob Learn Application Security • Advisor: Nord VPN, Cloud Defense, Aiya • 25 years in tech, Sec + Dev • Blogger, Podcaster, Streamer, Builder, Breaker • Nerd at Large
@SheHacksPurple Let’s do this!
@SheHacksPurple So… I lied. There aren’t ten. I’m going to give you way more than just ten. Sorry/not sorry.
@SheHacksPurple APIs still need just as much security attention as web applications; not having a front end does not make them invisible to attackers. The Problem Web apps are the #1 cause of data breach, and most web apps are now just a bunch of APIs with a GUI in front.
@SheHacksPurple #1 Create a complete inventory of all APIs Photo by Petrebels on Unsplash
@SheHacksPurple #2 All external APIs are connected to via an API gateway Photo by Laila Gebhard on Unsplash
@SheHacksPurple Throttling and Resource Quotas Photo by Donald Giannatti on Unsplash
@SheHacksPurple Logging, monitoring and alerting The same as for Web Apps!
@SheHacksPurple Block all unused HTTP methods/verbs Photo by Dima Pechurin on Unsplash
@SheHacksPurple Use a service mesh for communication management
@SheHacksPurple Enforce Them. Photo by Markus Winkler on Unsplash
@SheHacksPurple Strict Linting Photo by Wes Hicks on Unsplash
@SheHacksPurple Avoid verbose error messages Photo by Markus Spiske on Unsplash
@SheHacksPurple Decommission old or unused versions of APIs.
@SheHacksPurple All the same secure coding practices you normally do; input validation using approved lists, parameterized queries, bounds checking, etc.
@SheHacksPurple What did we learn today? APIs need just as much attention as web apps! Best practices are doable! Secure SDLCs produce secure software
@SheHacksPurple @SheHacksPurple Resources newsletter. wehackpurple.com/ api-security
@SheHacksPurple Free PDF of This Talk! newsletter. wehackpurple.com/ api-security
@SheHacksPurple Free API Security Mini Course! https://academy. wehackpurple.com/ courses/api-security- mini-course
@SheHacksPurple I have a podcast!!!!! We Hack Purple Podcast, season 2, offers short security lessons and best practices! Watch it on YouTube or subscribe on any podcast platform. youtube.com/WeHackPurple
@SheHacksPurple Awesome Books! • The DevOps Handbook • The Phoenix Project • Accelerate • The Unicorn Project • Alice and Bob Learn Application Security
@SheHacksPurple Join the community!!!!! Community.WeHackPurple.com The We Hack Purple Community is FREE! Meet like-minded people and nerd out!
@SheHacksPurple #CyberMentoringMonday Every Monday!
@SheHacksPurple Resources: ME!!!! Twitter: @SheHacksPurple https://SheHacksPurple.ca/blog https://YouTube.com/SheHacksPurple https://NewsLetter.SheHacksPurple.ca
@SheHacksPurple THANK YOU Tanya Janca Advisor @ Bright We Hack Purple

Recommended

Purple is the New Black: Modern Approaches for Application Security
Purple is the New Black: Modern Approaches for Application SecurityPurple is the New Black: Modern Approaches for Application Security
Purple is the New Black: Modern Approaches for Application SecurityTanya Janca
 
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon
 
So You Want to Do a Startup!
So You Want to Do a Startup!So You Want to Do a Startup!
So You Want to Do a Startup!Abby Fichtner
 
Intro to IronWASP
Intro to IronWASPIntro to IronWASP
Intro to IronWASPn|u - The Open Security Community
 
The Anatomy of Java Vulnerabilities
The Anatomy of Java VulnerabilitiesThe Anatomy of Java Vulnerabilities
The Anatomy of Java VulnerabilitiesSteve Poole
 
GeeCON 2015 DevOps and the dark side
GeeCON 2015 DevOps and the dark side GeeCON 2015 DevOps and the dark side
GeeCON 2015 DevOps and the dark side Steve Poole
 
(java2days) The Anatomy of Java Vulnerabilities
(java2days) The Anatomy of Java Vulnerabilities(java2days) The Anatomy of Java Vulnerabilities
(java2days) The Anatomy of Java VulnerabilitiesSteve Poole
 
Cybercrime and the developer 2021 style
Cybercrime and the developer 2021 styleCybercrime and the developer 2021 style
Cybercrime and the developer 2021 styleSteve Poole
 

Recommended

Purple is the New Black: Modern Approaches for Application Security
Purple is the New Black: Modern Approaches for Application SecurityPurple is the New Black: Modern Approaches for Application Security
Purple is the New Black: Modern Approaches for Application SecurityTanya Janca
 
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon
 
So You Want to Do a Startup!
So You Want to Do a Startup!So You Want to Do a Startup!
So You Want to Do a Startup!Abby Fichtner
 
Intro to IronWASP
Intro to IronWASPIntro to IronWASP
Intro to IronWASPn|u - The Open Security Community
 
The Anatomy of Java Vulnerabilities
The Anatomy of Java VulnerabilitiesThe Anatomy of Java Vulnerabilities
The Anatomy of Java VulnerabilitiesSteve Poole
 
GeeCON 2015 DevOps and the dark side
GeeCON 2015 DevOps and the dark side GeeCON 2015 DevOps and the dark side
GeeCON 2015 DevOps and the dark side Steve Poole
 
(java2days) The Anatomy of Java Vulnerabilities
(java2days) The Anatomy of Java Vulnerabilities(java2days) The Anatomy of Java Vulnerabilities
(java2days) The Anatomy of Java VulnerabilitiesSteve Poole
 
Cybercrime and the developer 2021 style
Cybercrime and the developer 2021 styleCybercrime and the developer 2021 style
Cybercrime and the developer 2021 styleSteve Poole
 
Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018Steve Poole
 
DevOps & the Dark Side 10 ways to convince your team DevOps is a force for good
DevOps & the Dark Side 10 ways to convince your team DevOps is a force for goodDevOps & the Dark Side 10 ways to convince your team DevOps is a force for good
DevOps & the Dark Side 10 ways to convince your team DevOps is a force for goodSteve Poole
 
Brighton SEO July 2021 - Google Discover - optimisation, measurement, tech seo
Brighton SEO July 2021 - Google Discover - optimisation, measurement, tech seoBrighton SEO July 2021 - Google Discover - optimisation, measurement, tech seo
Brighton SEO July 2021 - Google Discover - optimisation, measurement, tech seoTom Capper
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs3scale
 
API 101 - Understanding APIs.
API 101 - Understanding APIs.API 101 - Understanding APIs.
API 101 - Understanding APIs.Kirsten Hunter
 
Lean Startups: A Success Blueprint for Early-Stage Entrepreneurs
Lean Startups: A Success Blueprint for Early-Stage EntrepreneursLean Startups: A Success Blueprint for Early-Stage Entrepreneurs
Lean Startups: A Success Blueprint for Early-Stage EntrepreneursAbby Fichtner
 
WebHooks in 10 Minutes
WebHooks in 10 MinutesWebHooks in 10 Minutes
WebHooks in 10 MinutesJeff Lindsay
 
SXSW2018 - Designing & Building for a Data Science Future
SXSW2018 - Designing & Building for a Data Science FutureSXSW2018 - Designing & Building for a Data Science Future
SXSW2018 - Designing & Building for a Data Science FutureDan Chuparkoff
 
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIsAPIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIsapidays
 
Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...
Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...
Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...Steve Poole
 
Hacking For Innovation
Hacking For InnovationHacking For Innovation
Hacking For InnovationChristian Heilmann
 
devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...
devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...
devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...Thiago de Faria
 
DevSecCon Singapore 2018 - Pushing left like a boss by Tanya Janca
DevSecCon Singapore 2018 - Pushing left like a boss by Tanya JancaDevSecCon Singapore 2018 - Pushing left like a boss by Tanya Janca
DevSecCon Singapore 2018 - Pushing left like a boss by Tanya JancaDevSecCon
 
I broke what?!??!? Taking over maintenance on well loved projects
I broke what?!??!? Taking over maintenance on well loved projectsI broke what?!??!? Taking over maintenance on well loved projects
I broke what?!??!? Taking over maintenance on well loved projectsBert JW Regeer
 
I broke what? Taking over maintenance on existing (well loved) projects, by B...
I broke what? Taking over maintenance on existing (well loved) projects, by B...I broke what? Taking over maintenance on existing (well loved) projects, by B...
I broke what? Taking over maintenance on existing (well loved) projects, by B...T. Kim Nguyen
 
How We Make Apps And Services
How We Make Apps And ServicesHow We Make Apps And Services
How We Make Apps And Servicesculturengine
 
Encouraging Innovation in Libraries
Encouraging Innovation in LibrariesEncouraging Innovation in Libraries
Encouraging Innovation in LibrariesMeredith Farkas
 
DevOps Days India Keynote
DevOps Days India KeynoteDevOps Days India Keynote
DevOps Days India KeynoteNathen Harvey
 
Fire in the Hole: How a Spark-Powered Platform Charges Analytics
Fire in the Hole: How a Spark-Powered Platform Charges Analytics Fire in the Hole: How a Spark-Powered Platform Charges Analytics
Fire in the Hole: How a Spark-Powered Platform Charges Analytics Inside Analysis
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short VersionValerie Houghton
 
2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security EditionAPIsecure_ Official
 
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...APIsecure_ Official
 

More Related Content

Similar to 2022 APIsecure_Top Ten Security Tips for APIs

Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018Steve Poole
 
DevOps & the Dark Side 10 ways to convince your team DevOps is a force for good
DevOps & the Dark Side 10 ways to convince your team DevOps is a force for goodDevOps & the Dark Side 10 ways to convince your team DevOps is a force for good
DevOps & the Dark Side 10 ways to convince your team DevOps is a force for goodSteve Poole
 
Brighton SEO July 2021 - Google Discover - optimisation, measurement, tech seo
Brighton SEO July 2021 - Google Discover - optimisation, measurement, tech seoBrighton SEO July 2021 - Google Discover - optimisation, measurement, tech seo
Brighton SEO July 2021 - Google Discover - optimisation, measurement, tech seoTom Capper
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs3scale
 
API 101 - Understanding APIs.
API 101 - Understanding APIs.API 101 - Understanding APIs.
API 101 - Understanding APIs.Kirsten Hunter
 
Lean Startups: A Success Blueprint for Early-Stage Entrepreneurs
Lean Startups: A Success Blueprint for Early-Stage EntrepreneursLean Startups: A Success Blueprint for Early-Stage Entrepreneurs
Lean Startups: A Success Blueprint for Early-Stage EntrepreneursAbby Fichtner
 
WebHooks in 10 Minutes
WebHooks in 10 MinutesWebHooks in 10 Minutes
WebHooks in 10 MinutesJeff Lindsay
 
SXSW2018 - Designing & Building for a Data Science Future
SXSW2018 - Designing & Building for a Data Science FutureSXSW2018 - Designing & Building for a Data Science Future
SXSW2018 - Designing & Building for a Data Science FutureDan Chuparkoff
 
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIsAPIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIsapidays
 
Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...
Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...
Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...Steve Poole
 
devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...
devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...
devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...Thiago de Faria
 
DevSecCon Singapore 2018 - Pushing left like a boss by Tanya Janca
DevSecCon Singapore 2018 - Pushing left like a boss by Tanya JancaDevSecCon Singapore 2018 - Pushing left like a boss by Tanya Janca
DevSecCon Singapore 2018 - Pushing left like a boss by Tanya JancaDevSecCon
 
I broke what?!??!? Taking over maintenance on well loved projects
I broke what?!??!? Taking over maintenance on well loved projectsI broke what?!??!? Taking over maintenance on well loved projects
I broke what?!??!? Taking over maintenance on well loved projectsBert JW Regeer
 
I broke what? Taking over maintenance on existing (well loved) projects, by B...
I broke what? Taking over maintenance on existing (well loved) projects, by B...I broke what? Taking over maintenance on existing (well loved) projects, by B...
I broke what? Taking over maintenance on existing (well loved) projects, by B...T. Kim Nguyen
 
How We Make Apps And Services
How We Make Apps And ServicesHow We Make Apps And Services
How We Make Apps And Servicesculturengine
 
Encouraging Innovation in Libraries
Encouraging Innovation in LibrariesEncouraging Innovation in Libraries
Encouraging Innovation in LibrariesMeredith Farkas
 
DevOps Days India Keynote
DevOps Days India KeynoteDevOps Days India Keynote
DevOps Days India KeynoteNathen Harvey
 
Fire in the Hole: How a Spark-Powered Platform Charges Analytics
Fire in the Hole: How a Spark-Powered Platform Charges Analytics Fire in the Hole: How a Spark-Powered Platform Charges Analytics
Fire in the Hole: How a Spark-Powered Platform Charges Analytics Inside Analysis
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short VersionValerie Houghton
 

Similar to 2022 APIsecure_Top Ten Security Tips for APIs (20)

Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018
 
DevOps & the Dark Side 10 ways to convince your team DevOps is a force for good
DevOps & the Dark Side 10 ways to convince your team DevOps is a force for goodDevOps & the Dark Side 10 ways to convince your team DevOps is a force for good
DevOps & the Dark Side 10 ways to convince your team DevOps is a force for good
 
Brighton SEO July 2021 - Google Discover - optimisation, measurement, tech seo
Brighton SEO July 2021 - Google Discover - optimisation, measurement, tech seoBrighton SEO July 2021 - Google Discover - optimisation, measurement, tech seo
Brighton SEO July 2021 - Google Discover - optimisation, measurement, tech seo
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs
 
API 101 - Understanding APIs.
API 101 - Understanding APIs.API 101 - Understanding APIs.
API 101 - Understanding APIs.
 
Lean Startups: A Success Blueprint for Early-Stage Entrepreneurs
Lean Startups: A Success Blueprint for Early-Stage EntrepreneursLean Startups: A Success Blueprint for Early-Stage Entrepreneurs
Lean Startups: A Success Blueprint for Early-Stage Entrepreneurs
 
WebHooks in 10 Minutes
WebHooks in 10 MinutesWebHooks in 10 Minutes
WebHooks in 10 Minutes
 
SXSW2018 - Designing & Building for a Data Science Future
SXSW2018 - Designing & Building for a Data Science FutureSXSW2018 - Designing & Building for a Data Science Future
SXSW2018 - Designing & Building for a Data Science Future
 
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIsAPIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
 
Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...
Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...
Devoxx France 2022: Game Over or Game Changing? Why Software Development May ...
 
Hacking For Innovation
Hacking For InnovationHacking For Innovation
Hacking For Innovation
 
devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...
devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...
devopsdays Kiel 2018 - Can the AI hype & ML algorithms harm your devops initi...
 
DevSecCon Singapore 2018 - Pushing left like a boss by Tanya Janca
DevSecCon Singapore 2018 - Pushing left like a boss by Tanya JancaDevSecCon Singapore 2018 - Pushing left like a boss by Tanya Janca
DevSecCon Singapore 2018 - Pushing left like a boss by Tanya Janca
 
I broke what?!??!? Taking over maintenance on well loved projects
I broke what?!??!? Taking over maintenance on well loved projectsI broke what?!??!? Taking over maintenance on well loved projects
I broke what?!??!? Taking over maintenance on well loved projects
 
I broke what? Taking over maintenance on existing (well loved) projects, by B...
I broke what? Taking over maintenance on existing (well loved) projects, by B...I broke what? Taking over maintenance on existing (well loved) projects, by B...
I broke what? Taking over maintenance on existing (well loved) projects, by B...
 
How We Make Apps And Services
How We Make Apps And ServicesHow We Make Apps And Services
How We Make Apps And Services
 
Encouraging Innovation in Libraries
Encouraging Innovation in LibrariesEncouraging Innovation in Libraries
Encouraging Innovation in Libraries
 
DevOps Days India Keynote
DevOps Days India KeynoteDevOps Days India Keynote
DevOps Days India Keynote
 
Fire in the Hole: How a Spark-Powered Platform Charges Analytics
Fire in the Hole: How a Spark-Powered Platform Charges Analytics Fire in the Hole: How a Spark-Powered Platform Charges Analytics
Fire in the Hole: How a Spark-Powered Platform Charges Analytics
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short Version
 

More from APIsecure_ Official

2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security EditionAPIsecure_ Official
 
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...APIsecure_ Official
 
2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right WayAPIsecure_ Official
 
2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the oddsAPIsecure_ Official
 
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
2022 APIsecure_Passwordless Multi-factor Authentication Security and IdentityAPIsecure_ Official
 
2022 APIsecure_Securing Large API Ecosystems
2022 APIsecure_Securing Large API Ecosystems2022 APIsecure_Securing Large API Ecosystems
2022 APIsecure_Securing Large API EcosystemsAPIsecure_ Official
 
2022 APIsecure_Quarterly Review of API Vulnerabilities
2022 APIsecure_Quarterly Review of API Vulnerabilities2022 APIsecure_Quarterly Review of API Vulnerabilities
2022 APIsecure_Quarterly Review of API VulnerabilitiesAPIsecure_ Official
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?APIsecure_ Official
 
2022 APIsecure_Making webhook APIs secure for enterprise
2022 APIsecure_Making webhook APIs secure for enterprise2022 APIsecure_Making webhook APIs secure for enterprise
2022 APIsecure_Making webhook APIs secure for enterpriseAPIsecure_ Official
 
2022 APIsecure_API Security & Fraud Detection - Are you ready?
2022 APIsecure_API Security & Fraud Detection - Are you ready?2022 APIsecure_API Security & Fraud Detection - Are you ready?
2022 APIsecure_API Security & Fraud Detection - Are you ready?APIsecure_ Official
 
2022 APIsecure_Monitoring and Responding to API Breaches
2022 APIsecure_Monitoring and Responding to API Breaches2022 APIsecure_Monitoring and Responding to API Breaches
2022 APIsecure_Monitoring and Responding to API BreachesAPIsecure_ Official
 
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIsAPIsecure_ Official
 
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSecAPIsecure_ Official
 
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...APIsecure_ Official
 
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...APIsecure_ Official
 
2022 APIsecure_Hackers with Valid Credentials
2022 APIsecure_Hackers with Valid Credentials2022 APIsecure_Hackers with Valid Credentials
2022 APIsecure_Hackers with Valid CredentialsAPIsecure_ Official
 
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...APIsecure_ Official
 
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral AnalyticsAPIsecure_ Official
 
2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of InnovationAPIsecure_ Official
 
2022 APIsecure_API Discovery: First step towards API Security
2022 APIsecure_API Discovery: First step towards API Security2022 APIsecure_API Discovery: First step towards API Security
2022 APIsecure_API Discovery: First step towards API SecurityAPIsecure_ Official
 

More from APIsecure_ Official (20)

2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition
 
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...
 
2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way
 
2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds
 
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
 
2022 APIsecure_Securing Large API Ecosystems
2022 APIsecure_Securing Large API Ecosystems2022 APIsecure_Securing Large API Ecosystems
2022 APIsecure_Securing Large API Ecosystems
 
2022 APIsecure_Quarterly Review of API Vulnerabilities
2022 APIsecure_Quarterly Review of API Vulnerabilities2022 APIsecure_Quarterly Review of API Vulnerabilities
2022 APIsecure_Quarterly Review of API Vulnerabilities
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?
 
2022 APIsecure_Making webhook APIs secure for enterprise
2022 APIsecure_Making webhook APIs secure for enterprise2022 APIsecure_Making webhook APIs secure for enterprise
2022 APIsecure_Making webhook APIs secure for enterprise
 
2022 APIsecure_API Security & Fraud Detection - Are you ready?
2022 APIsecure_API Security & Fraud Detection - Are you ready?2022 APIsecure_API Security & Fraud Detection - Are you ready?
2022 APIsecure_API Security & Fraud Detection - Are you ready?
 
2022 APIsecure_Monitoring and Responding to API Breaches
2022 APIsecure_Monitoring and Responding to API Breaches2022 APIsecure_Monitoring and Responding to API Breaches
2022 APIsecure_Monitoring and Responding to API Breaches
 
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs
 
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec
 
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
 
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
 
2022 APIsecure_Hackers with Valid Credentials
2022 APIsecure_Hackers with Valid Credentials2022 APIsecure_Hackers with Valid Credentials
2022 APIsecure_Hackers with Valid Credentials
 
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
2022 APIsecure_API Abuse - How data breaches now and in the future will use A...
 
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
 
2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation
 
2022 APIsecure_API Discovery: First step towards API Security
2022 APIsecure_API Discovery: First step towards API Security2022 APIsecure_API Discovery: First step towards API Security
2022 APIsecure_API Discovery: First step towards API Security
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 

2022 APIsecure_Top Ten Security Tips for APIs

Editor's Notes

  1. Thanks for joining us this afternoon, X I’m Rieve, RSD, Western Half of NA I’m joined by Who else is joining us from your side and what are their roles?
  2. APIs are being attacked by bots all the time, being abused all over the internet. Even without a front end, APIs are still a big target for malicious actors. How do we fight this? In this talk we will cover all the best practices for making your APIs tough and safe! 
  3. Current state of affairs: a review for most, but I want to make sure we a real on the same page
  4. My mandatory cat meme