apidays LIVE India 2022 - The Future of API’s Security.pptx
•Download as PPTX, PDF•
0 likes•193 views
This document summarizes Vandana Verma Sehgal's upcoming API conference schedule and background. The conferences will take place in various global cities between March and December 2022, both virtually and in-hybrid format. Sehgal is a cybersecurity leader who focuses on inclusion and empowering developers to build secure applications. Her work involves highlighting security risks like API breaches and the role of developers in incidents. She advocates shifting security left in the development process.
Report
Share
Report
Share
Recommended
apidays LIVE India 2022_Offensive API Penetration Testing.pptx
apidays LIVE India 2022: Accelerating India’s digitisation with APIs
May 11 & 12, 2022
Offensive API Penetration Testing
Sunny Singh, Lead Security Engineer at Calibo
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
INTERFACE, by apidays - 7 steps to select the right standard to design your A...
INTERFACE, by apidays - APIs: the next 10 years
June 8, 9 & 10 2022
7 steps to select the right standard to Design your API !
Patrick Brosse, Senior Expert : API & Data modeling Design at Amadeus
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
API Architecture and Security
Application to API Security, drivers to the Shift
Doron Chema, CEO & Co-Founder at L7 Defense LTD.
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
From Shift Left to Full Circle - A Pragmatic Approach to Catching Up and Keeping Up With API Security
Chuck Herrin, CTO at WIB
INTERFACE, by apidays - API Discovery: First step towards API Security
INTERFACE, by apidays - APIs: the next 10 years
June 8, 9 & 10 2022
Automatically discover and improve API security posture with Traceable's API Catalog
Sudeep Padiyar, Founding Member, Product Management at Traceable AI
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
INTERFACE, by apidays - Driving the business via APIs.pptx
INTERFACE, by apidays - APIs: the next 10 years
June 8, 9 & 10 2022
Driving the business through secure APIs
Gil Shulman, VP Product at Wib
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
2022 apidays LIVE Helsinki & North_Why webhook APIs are REST APIs perfect sid...
apidays LIVE Helsinki & North: API Ecosystems - Connecting Physical and Digital
March 16 & 17, 2022
Why webhook APIs are REST APIs perfect side-kick
Liam Forde, Founder and Head of Product at Hookie Solutions AB
On the shoulders of giants Learning About API Design by Looking Backwards
Move forward with API Design by reviewing the lessons we’ve learned over the last 10 years with websites, SOA and product design.
Recommended
apidays LIVE India 2022_Offensive API Penetration Testing.pptx
apidays LIVE India 2022: Accelerating India’s digitisation with APIs
May 11 & 12, 2022
Offensive API Penetration Testing
Sunny Singh, Lead Security Engineer at Calibo
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
INTERFACE, by apidays - 7 steps to select the right standard to design your A...
INTERFACE, by apidays - APIs: the next 10 years
June 8, 9 & 10 2022
7 steps to select the right standard to Design your API !
Patrick Brosse, Senior Expert : API & Data modeling Design at Amadeus
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
API Architecture and Security
Application to API Security, drivers to the Shift
Doron Chema, CEO & Co-Founder at L7 Defense LTD.
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
From Shift Left to Full Circle - A Pragmatic Approach to Catching Up and Keeping Up With API Security
Chuck Herrin, CTO at WIB
INTERFACE, by apidays - API Discovery: First step towards API Security
INTERFACE, by apidays - APIs: the next 10 years
June 8, 9 & 10 2022
Automatically discover and improve API security posture with Traceable's API Catalog
Sudeep Padiyar, Founding Member, Product Management at Traceable AI
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
INTERFACE, by apidays - Driving the business via APIs.pptx
INTERFACE, by apidays - APIs: the next 10 years
June 8, 9 & 10 2022
Driving the business through secure APIs
Gil Shulman, VP Product at Wib
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
2022 apidays LIVE Helsinki & North_Why webhook APIs are REST APIs perfect sid...
apidays LIVE Helsinki & North: API Ecosystems - Connecting Physical and Digital
March 16 & 17, 2022
Why webhook APIs are REST APIs perfect side-kick
Liam Forde, Founder and Head of Product at Hookie Solutions AB
On the shoulders of giants Learning About API Design by Looking Backwards
Move forward with API Design by reviewing the lessons we’ve learned over the last 10 years with websites, SOA and product design.
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies
December 6, 7 & 8, 2023
API Observability: Improving Governance, Security and Operations
Jose Haro Peralta, Founder, Author, Instructor at microapis.io
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
What Hackers Don’t Want You To Know: How to Maximize Your API Security
With the number of APIs increasing constantly right along with the number of cyber attacks, API security has never been so important to success in an enterprise. This MuleSoft Meetup was a co-presentation from Big Compass and PingIntelligence by Ping Identity. We looked at how API security works with MuleSoft including the API development lifecycle and implementing security policies on a live API from Anypoint Platform API Manager. We also displayed the monitoring capabilities from API Manager and what a policy violation might look like.
Then, we had some fun by simulating hacks on our own API. We simulated some common attacks and how API Manager and/or a WAF can block these common attacks.
From there, we dove even deeper by simulating very advanced attacks like OAuth token hijacking, data theft, and DoS attacks that fly under the SLA radar. This is where we implemented PingIntelligence’s Anypoint integration custom API policy, showed how a MuleSoft API can connect with PingIntelligence, and how PingIntelligence uses AI to discover and model normal behavior and learn about your APIs to prevent and report on advanced attacks and instruct Anypoint Platform to stop these requesters.
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
The document summarizes API security topics presented by Erez Yalon at a Checkmarx Meetup event. Yalon discusses how API-based applications are different from traditional apps and deserve their own security focus. He outlines the OWASP API Security Project and the proposed API Security Top 10 risks, including broken object level authorization, excessive data exposure, lack of resources/rate limiting, and improper asset management. Yalon calls for community contributions to further develop the Top 10 and other API security resources.
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
This document discusses the importance of API security and how AI can be used to augment API security. It notes that cyber threats are evolving quickly and becoming more sophisticated. API usage has increased access points for potential hackers. The document then outlines how the Accenture APIQ platform uses AI and machine learning for automated API assessment and security. It analyzes API configurations and behavior patterns to provide insights, detect anomalies, monitor APIs, and provide real-time remediation to protect digital assets.
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs for Smarter Platforms and Business Processes
September 13 & 14, 2023
APIs: The Attack Surface That Connects Us All
Stefan Mardak
Enterpise Security Architect, Principal at Akamai Technologies
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Paris 2023 - Building an Inventory, Maria Teresa Pereira, KPMG Portugal
Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies
December 6, 7 & 8, 2023
Building an Inventory: How to identify all the APIs hidden in plain sight?
Maria Teresa Pereira, Senior IT Advisor / Pentester - Cybersecurity Services at KPMG Portugal
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
APIsecure 2023 - The world's first and only API security conference
March 14 & 15, 2023
Closing Keynote: API First Hacking
Corey Ball, Chief Hacking Officer APIsec University| Author of Hacking APIs
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
apidays New York 2022 - Supercharge digital democracy with API first approach...
apidays New York 2022 - Beyond API Regulations for Finance, Insurance, and Healthcare
July 27 & 28, 2022
Supercharge digital democracy with API first approach
Luke Lipan, Sales Manager Americas at Gravitee IO
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
Security as an Enabler for the Digital World - CISO Perspective
A successful API strategy requires a strong partnership between the business, IT, and security functions. Rather than as a hindrance, security increasingly is viewed as a business enabler, with CISOs and CSOs playing a critical role in implementing “guardrails” for safe, secure and compliant API services and security architectures free of unnecessary complexity.
Ultimately, a secure API platform enables developers and DevOps to focus on innovation—by improving the mobile user experience and deploying apps in the cloud, with appropriate security controls built-in. In this webcast, Apigee’s Subra Kumaraswamy and Saba Software CSO Randy Barr will explore how CISOs and CSOs partner with IT and business leaders for a safe and secure journey to cloud, SaaS, and mobile services.
Join to learn about:
- The role of the security officer in helping IT and business meet objectives
- How smart and secure API guardrails remove friction in consuming APIs while protecting sensitive data exposed via APIs.
- Best practices that work for an API centric enterprise
Download podcast: http://bit.ly/1B6h3TR
Adapt or Die Sydney - API Security
Learn about how to protect your digital assets from known external threats at the API layer. Secure your assets against threats like SQL injection, JSON threat protection and application DoS. Protect your apps from cyber threats and bad bots with data-driven enterprise grade API security and Adaptive Threat Protection.
INTERFACE, by apidays - Securing PII
This document discusses strategies for discovering and securing personally identifiable information (PII) at runtime. It outlines some common anti-patterns for PII security like assuming no PII exists or that all data is PII. The document then provides strategies like enforcing narrow permissions, automatically expiring data, monitoring PII transfers, and virtualizing access to data through query layers. It describes how the Resurface platform can be used for API monitoring and detecting PII leaks in real-time. Finally, it discusses using Trino for distributed queries across data sources and Resurface for the API system of record, with views applying retroactive access controls without changing databases.
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...
What do Google, Facebook, Paypal, IRS, T-mobile, and USPS have in common? Answer -- hackers used their APIs to access sensitive customer information. Although these API attacks were exposed, most API-based attacks go undetected these days. This deck will discuss today’s evolving API threat landscape and explore what you can do to both detect and block cyberattacks from authenticated users and hackers who have reverse engineered your API with an integrated solution from WSO2 and PingIntelligence.
Intro to Azure Api Management - With Cats
This document provides an introduction to API management. It defines an API as a set of requirements that enables one application to communicate with another. A Web API is specified as using HTTP/HTTPS, being RESTful, and using JSON or XML. API management platforms provide services like authentication, analytics, policy enforcement, and developer engagement. They allow organizations to publish and manage APIs to external developers. The document discusses how APIs have enabled companies like Uber and Airbnb to build large businesses without direct ownership of core assets. It presents Azure API Management as an example of an API management platform and demonstrates its capabilities like provisioning, analytics, testing, policies, and security features.
Mining API Traffic Metadata
Lack of API visibility is a top security concern at many enterprises today. APIs that operate in disconnected silos produce inconsistent analytics and decentralized security. API traffic metadata mining is the new gold rush. Learn how mining and analysing this untapped resource leads to richer API insights and stronger threat detection and blocking.
Layered API Security: What Hackers Don't Want You To Know
What do Google, Facebook, Paypal, IRS, and USPS have in common? The answer is hackers exploited their APIs to access sensitive customer information. Although these API attacks were detected and exposed, most API-based attacks go undetected in today's technologically sophisticated world – particularly attacks that come from authenticated sources. With the number of APIs increasing constantly right along with the number of API attacks, API security has never been so important to an organization's success.
YOU MUST REGISTER HERE TO GET THE CONFERENCE LINK: https://bigcompass.typeform.com/to/emg9DO
Ping Identity and Azure have partnered together with a market-leading solution to tackle the complexities and nuances of protecting API infrastructures and the digital assets that they connect.
This session will discuss today’s API threat landscape and explore what you can do to both detect and block advanced attacks on APIs. The presentation will first dive into the API development lifecycle using a live API built with Azure. We will look at some common monitoring capabilities on the Azure API and what a security violation would look like.
Then, we will have some fun by simulating attacks on our own API. In this phase of the presentation, we will simulate some basic attacks and show how security policies or a web application firewall can block these common attacks.
From there, we will dive even deeper by simulating more advanced attacks from authenticated users (data theft and API takeover), hackers who have reverse engineered an API, and layer 7 DoS attacks that fly under the SLA radar. This is where we will showcase PingIntelligence’s advanced capabilities by showing how a Azure API (or any other API) can connect with PingIntelligence to detect and prevent sophisticated attacks. This will allow the audience to see how the PingIntelligence software uses AI to discover and model normal behavior on an API to block and report on advanced attacks.
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
API breaches are increasing, with over 350 reported publicly since October 2018. The top causes are lack of input validation, rate limiting, data/exception leakage, and authorization and authentication issues. These map to the OWASP API Security Top 10 risks. API-centric architectures expand the attack surface. To address this, security needs to be considered at design time through the API contract, which defines data constraints, authorization policies, logging, and rate limiting. Following best practices like this helps avoid vulnerabilities that are costly to fix later.
APIs: The New Security Layer
The document discusses API security fundamentals and how to effectively secure APIs. It notes that many past API breaches were due to a lack of authentication on APIs, no rate limiting of requests, and other basic security issues. It emphasizes that every system with a URI has an API and outlines steps like applying authentication, authorization, rate limiting, validating requests to prevent attacks. The document argues that APIs with well-defined contracts that specify URIs, input/output formats and authentication models are easier to securely implement and test compared to more complex, dynamic APIs.
WEBINAR: OWASP API Security Top 10
WATCH WEBINAR: https://youtu.be/zTkv_9ChVPY
In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The common vector linking these breaches – APIs. The scale and magnitude of these breaches are the reason API security has been launched into the forefront of enterprise security concerns – now forcing us to rethink the way we approach API security as a whole.
OWASP Top 10 project has for a long time been the standard list of top vulnerabilities to look for and mitigate in the world of web applications.
APIs represent a significantly different set of threats, attack vectors, and security best practices. This caused the OWASP community to launch OWASP API Security project earlier this year.
In this session we’ll discuss:
What makes API Security different from web application security
The OWASP API Security Top 10
Real world breaches and mitigation strategies for each of the risks
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
The document discusses best practices for securing APIs and identifies three key areas: parameterization, identity, and cryptography. It notes that APIs have a larger attack surface than traditional web apps due to more direct parameterization. It recommends rigorous input and output validation, schema validation, and constraining HTTP methods and URIs. For identity, it advises using real security tokens like OAuth instead of API keys alone. It also stresses the importance of proper cryptography, like using SSL everywhere and following best practices for key management and PKI. The overall message is that APIs require different security practices than traditional web apps.
WSO2Con Asia 2014 - Building the API-Centric Enterprise
WSO2 helps businesses become API-centric by providing tools and infrastructure to support the entire API lifecycle from creation to management to hosting. The platform supports developing RESTful and SOAP APIs and hosting them scalably. It also offers an API management solution, tools for creating and testing APIs, and capabilities for collecting data from user interactions and performing analytics. WSO2 aims to make user interactions with apps and APIs as smooth as possible through features like single sign-on, app marketplaces, and support for hybrid cloud deployments.
Apidays Helsinki 2024 - Sustainable IT and API Performance - How to Bring The...
Sustainable IT and API Performance - How to Bring Them Together
Merja Kajava, Founder - Aavista Oy
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - APIs ahoy, the case of Customer Booking APIs in Finn...
Keynote 1: APIs ahoy, the case of Customer Booking APIs in Finnlines and Grimaldi Lines, ShortSea
Vesa Vähämaa, Head of Group IT, Software at Finnlines Plc
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
More Related Content
Similar to apidays LIVE India 2022 - The Future of API’s Security.pptx
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies
December 6, 7 & 8, 2023
API Observability: Improving Governance, Security and Operations
Jose Haro Peralta, Founder, Author, Instructor at microapis.io
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
What Hackers Don’t Want You To Know: How to Maximize Your API Security
With the number of APIs increasing constantly right along with the number of cyber attacks, API security has never been so important to success in an enterprise. This MuleSoft Meetup was a co-presentation from Big Compass and PingIntelligence by Ping Identity. We looked at how API security works with MuleSoft including the API development lifecycle and implementing security policies on a live API from Anypoint Platform API Manager. We also displayed the monitoring capabilities from API Manager and what a policy violation might look like.
Then, we had some fun by simulating hacks on our own API. We simulated some common attacks and how API Manager and/or a WAF can block these common attacks.
From there, we dove even deeper by simulating very advanced attacks like OAuth token hijacking, data theft, and DoS attacks that fly under the SLA radar. This is where we implemented PingIntelligence’s Anypoint integration custom API policy, showed how a MuleSoft API can connect with PingIntelligence, and how PingIntelligence uses AI to discover and model normal behavior and learn about your APIs to prevent and report on advanced attacks and instruct Anypoint Platform to stop these requesters.
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
The document summarizes API security topics presented by Erez Yalon at a Checkmarx Meetup event. Yalon discusses how API-based applications are different from traditional apps and deserve their own security focus. He outlines the OWASP API Security Project and the proposed API Security Top 10 risks, including broken object level authorization, excessive data exposure, lack of resources/rate limiting, and improper asset management. Yalon calls for community contributions to further develop the Top 10 and other API security resources.
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
This document discusses the importance of API security and how AI can be used to augment API security. It notes that cyber threats are evolving quickly and becoming more sophisticated. API usage has increased access points for potential hackers. The document then outlines how the Accenture APIQ platform uses AI and machine learning for automated API assessment and security. It analyzes API configurations and behavior patterns to provide insights, detect anomalies, monitor APIs, and provide real-time remediation to protect digital assets.
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs for Smarter Platforms and Business Processes
September 13 & 14, 2023
APIs: The Attack Surface That Connects Us All
Stefan Mardak
Enterpise Security Architect, Principal at Akamai Technologies
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Paris 2023 - Building an Inventory, Maria Teresa Pereira, KPMG Portugal
Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies
December 6, 7 & 8, 2023
Building an Inventory: How to identify all the APIs hidden in plain sight?
Maria Teresa Pereira, Senior IT Advisor / Pentester - Cybersecurity Services at KPMG Portugal
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
APIsecure 2023 - The world's first and only API security conference
March 14 & 15, 2023
Closing Keynote: API First Hacking
Corey Ball, Chief Hacking Officer APIsec University| Author of Hacking APIs
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
apidays New York 2022 - Supercharge digital democracy with API first approach...
apidays New York 2022 - Beyond API Regulations for Finance, Insurance, and Healthcare
July 27 & 28, 2022
Supercharge digital democracy with API first approach
Luke Lipan, Sales Manager Americas at Gravitee IO
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
Security as an Enabler for the Digital World - CISO Perspective
A successful API strategy requires a strong partnership between the business, IT, and security functions. Rather than as a hindrance, security increasingly is viewed as a business enabler, with CISOs and CSOs playing a critical role in implementing “guardrails” for safe, secure and compliant API services and security architectures free of unnecessary complexity.
Ultimately, a secure API platform enables developers and DevOps to focus on innovation—by improving the mobile user experience and deploying apps in the cloud, with appropriate security controls built-in. In this webcast, Apigee’s Subra Kumaraswamy and Saba Software CSO Randy Barr will explore how CISOs and CSOs partner with IT and business leaders for a safe and secure journey to cloud, SaaS, and mobile services.
Join to learn about:
- The role of the security officer in helping IT and business meet objectives
- How smart and secure API guardrails remove friction in consuming APIs while protecting sensitive data exposed via APIs.
- Best practices that work for an API centric enterprise
Download podcast: http://bit.ly/1B6h3TR
Adapt or Die Sydney - API Security
Learn about how to protect your digital assets from known external threats at the API layer. Secure your assets against threats like SQL injection, JSON threat protection and application DoS. Protect your apps from cyber threats and bad bots with data-driven enterprise grade API security and Adaptive Threat Protection.
INTERFACE, by apidays - Securing PII
This document discusses strategies for discovering and securing personally identifiable information (PII) at runtime. It outlines some common anti-patterns for PII security like assuming no PII exists or that all data is PII. The document then provides strategies like enforcing narrow permissions, automatically expiring data, monitoring PII transfers, and virtualizing access to data through query layers. It describes how the Resurface platform can be used for API monitoring and detecting PII leaks in real-time. Finally, it discusses using Trino for distributed queries across data sources and Resurface for the API system of record, with views applying retroactive access controls without changing databases.
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...
What do Google, Facebook, Paypal, IRS, T-mobile, and USPS have in common? Answer -- hackers used their APIs to access sensitive customer information. Although these API attacks were exposed, most API-based attacks go undetected these days. This deck will discuss today’s evolving API threat landscape and explore what you can do to both detect and block cyberattacks from authenticated users and hackers who have reverse engineered your API with an integrated solution from WSO2 and PingIntelligence.
Intro to Azure Api Management - With Cats
This document provides an introduction to API management. It defines an API as a set of requirements that enables one application to communicate with another. A Web API is specified as using HTTP/HTTPS, being RESTful, and using JSON or XML. API management platforms provide services like authentication, analytics, policy enforcement, and developer engagement. They allow organizations to publish and manage APIs to external developers. The document discusses how APIs have enabled companies like Uber and Airbnb to build large businesses without direct ownership of core assets. It presents Azure API Management as an example of an API management platform and demonstrates its capabilities like provisioning, analytics, testing, policies, and security features.
Mining API Traffic Metadata
Lack of API visibility is a top security concern at many enterprises today. APIs that operate in disconnected silos produce inconsistent analytics and decentralized security. API traffic metadata mining is the new gold rush. Learn how mining and analysing this untapped resource leads to richer API insights and stronger threat detection and blocking.
Layered API Security: What Hackers Don't Want You To Know
What do Google, Facebook, Paypal, IRS, and USPS have in common? The answer is hackers exploited their APIs to access sensitive customer information. Although these API attacks were detected and exposed, most API-based attacks go undetected in today's technologically sophisticated world – particularly attacks that come from authenticated sources. With the number of APIs increasing constantly right along with the number of API attacks, API security has never been so important to an organization's success.
YOU MUST REGISTER HERE TO GET THE CONFERENCE LINK: https://bigcompass.typeform.com/to/emg9DO
Ping Identity and Azure have partnered together with a market-leading solution to tackle the complexities and nuances of protecting API infrastructures and the digital assets that they connect.
This session will discuss today’s API threat landscape and explore what you can do to both detect and block advanced attacks on APIs. The presentation will first dive into the API development lifecycle using a live API built with Azure. We will look at some common monitoring capabilities on the Azure API and what a security violation would look like.
Then, we will have some fun by simulating attacks on our own API. In this phase of the presentation, we will simulate some basic attacks and show how security policies or a web application firewall can block these common attacks.
From there, we will dive even deeper by simulating more advanced attacks from authenticated users (data theft and API takeover), hackers who have reverse engineered an API, and layer 7 DoS attacks that fly under the SLA radar. This is where we will showcase PingIntelligence’s advanced capabilities by showing how a Azure API (or any other API) can connect with PingIntelligence to detect and prevent sophisticated attacks. This will allow the audience to see how the PingIntelligence software uses AI to discover and model normal behavior on an API to block and report on advanced attacks.
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
API breaches are increasing, with over 350 reported publicly since October 2018. The top causes are lack of input validation, rate limiting, data/exception leakage, and authorization and authentication issues. These map to the OWASP API Security Top 10 risks. API-centric architectures expand the attack surface. To address this, security needs to be considered at design time through the API contract, which defines data constraints, authorization policies, logging, and rate limiting. Following best practices like this helps avoid vulnerabilities that are costly to fix later.
APIs: The New Security Layer
The document discusses API security fundamentals and how to effectively secure APIs. It notes that many past API breaches were due to a lack of authentication on APIs, no rate limiting of requests, and other basic security issues. It emphasizes that every system with a URI has an API and outlines steps like applying authentication, authorization, rate limiting, validating requests to prevent attacks. The document argues that APIs with well-defined contracts that specify URIs, input/output formats and authentication models are easier to securely implement and test compared to more complex, dynamic APIs.
WEBINAR: OWASP API Security Top 10
WATCH WEBINAR: https://youtu.be/zTkv_9ChVPY
In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The common vector linking these breaches – APIs. The scale and magnitude of these breaches are the reason API security has been launched into the forefront of enterprise security concerns – now forcing us to rethink the way we approach API security as a whole.
OWASP Top 10 project has for a long time been the standard list of top vulnerabilities to look for and mitigate in the world of web applications.
APIs represent a significantly different set of threats, attack vectors, and security best practices. This caused the OWASP community to launch OWASP API Security project earlier this year.
In this session we’ll discuss:
What makes API Security different from web application security
The OWASP API Security Top 10
Real world breaches and mitigation strategies for each of the risks
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
The document discusses best practices for securing APIs and identifies three key areas: parameterization, identity, and cryptography. It notes that APIs have a larger attack surface than traditional web apps due to more direct parameterization. It recommends rigorous input and output validation, schema validation, and constraining HTTP methods and URIs. For identity, it advises using real security tokens like OAuth instead of API keys alone. It also stresses the importance of proper cryptography, like using SSL everywhere and following best practices for key management and PKI. The overall message is that APIs require different security practices than traditional web apps.
WSO2Con Asia 2014 - Building the API-Centric Enterprise
WSO2 helps businesses become API-centric by providing tools and infrastructure to support the entire API lifecycle from creation to management to hosting. The platform supports developing RESTful and SOAP APIs and hosting them scalably. It also offers an API management solution, tools for creating and testing APIs, and capabilities for collecting data from user interactions and performing analytics. WSO2 aims to make user interactions with apps and APIs as smooth as possible through features like single sign-on, app marketplaces, and support for hybrid cloud deployments.
Similar to apidays LIVE India 2022 - The Future of API’s Security.pptx (20)
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API Security
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
Apidays Paris 2023 - Building an Inventory, Maria Teresa Pereira, KPMG Portugal
Apidays Paris 2023 - Building an Inventory, Maria Teresa Pereira, KPMG Portugal
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIs
apidays New York 2022 - Supercharge digital democracy with API first approach...
apidays New York 2022 - Supercharge digital democracy with API first approach...
Security as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO Perspective
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...
Layered API Security: What Hackers Don't Want You To Know
Layered API Security: What Hackers Don't Want You To Know
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
WSO2Con Asia 2014 - Building the API-Centric Enterprise
WSO2Con Asia 2014 - Building the API-Centric Enterprise
More from apidays
Apidays Helsinki 2024 - Sustainable IT and API Performance - How to Bring The...
Sustainable IT and API Performance - How to Bring Them Together
Merja Kajava, Founder - Aavista Oy
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - APIs ahoy, the case of Customer Booking APIs in Finn...
Keynote 1: APIs ahoy, the case of Customer Booking APIs in Finnlines and Grimaldi Lines, ShortSea
Vesa Vähämaa, Head of Group IT, Software at Finnlines Plc
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - From Chaos to Calm- Navigating Emerging API Security...
From Chaos to Calm: Navigating Emerging API Security Challenges
Eli Arkush, Principal Solutions Engineer, API Security at Akamai
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - What is next now that your organization created a (si...
What is next now that your organization created a (significant) set of APIs?
Rogier van Boxtel, Director, Pre Sales Consulting - Axway
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
There’s no AI without API, but what does this mean for Security?
Timo Rüppell, VP of Product - FireTail.io
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...
Security Vulnerabilities in your APIs
Lukáš Ďurovský, Staff Software Engineer at Thermo Fisher Scientific
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Data, API’s and Banks, with AI on top by Sergio Giral...
Data, API’s and Banks, with AI on top
Sergio Giraldo, IT Lead - ING
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Data Ecosystems Driving the Green Transition by Olli ...
Data Ecosystems Driving the Green Transition
Olli Kilpeläinen, VP - Data Platform & Ecosystem at Betolar
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Bridging the Gap Between Backend and Frontend API Tes...
Bridging the Gap Between Backend and Frontend API Testing with K6
Ayush Goyal, Senior Software Engineer - Grafana Labs
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - API Compliance by Design by Marjukka Niinioja, Osaango
API Compliance by Design
Marjukka Niinioja, APItalista & Founding Partner - Osaango
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - ABLOY goes API economy – Transformation story by Hann...
ABLOY goes API economy – Transformation story
Hanna Sillanpää Head of Digital Solutions PU - Abloy
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - The subtle art of API rate limiting by Josh Twist, Zuplo
The subtle art of API rate limiting
Josh Twist, Co-founder & CEO at Zuplo
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - RESTful API Patterns and Practices by Mike Amundsen, ...
ESTful API Patterns and Practices
Mike Amundsen, Author of "Design and Build Great APIs", API Strategist & Advisor at amundsen.com, Inc.
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Putting AI into API Security by Corey Ball, Moss Adams
Putting AI into API Security
Corey Ball, Author and Sr. Manager Pentest at Moss Adams
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Prototype-first - A modern API development workflow b...
Prototype-first - A modern API development workflow
Tom Akehurst, CTO and Co-Founder at WireMock
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Post-Quantum API Security by Francois Lascelles, Broa...
Post-Quantum API Security: Preparing your APIs for Q-day
Francois Lascelles, Distinguished Engineer at Broadcom and CTO at Layer7
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Increase your productivity with no-code GraphQL mocki...
Increase your productivity with no-code GraphQL mocking
Hugo Guerrero, Chief Software Architect, APIs & Integration Developer Advocate at Red Hat
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Driving API & EDA Success by Marcelo Caponi, Danone
Driving API & EDA Success: Comparing CoE & C4E Models for Organizational Enablement
Marcelo Caponi, Global Product Manager - API & Integration at Danone
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Build a terrible API for people you hate by Jim Benne...
Build a terrible API for people you hate
Jim Bennett, Principal Developer Advocate at liblab
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - API Secret Tokens Exposed by Tristan Kalos and Antoin...
API Secret Tokens Exposed: Insights from Analyzing 1 Million Domains
Tristan Kalos, Co-founder and CEO at Escape
Antoine Carossio, Co-Founder & CTO at Escape
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
More from apidays (20)
Apidays Helsinki 2024 - Sustainable IT and API Performance - How to Bring The...
Apidays Helsinki 2024 - Sustainable IT and API Performance - How to Bring The...
Apidays Helsinki 2024 - APIs ahoy, the case of Customer Booking APIs in Finn...
Apidays Helsinki 2024 - APIs ahoy, the case of Customer Booking APIs in Finn...
Apidays Helsinki 2024 - From Chaos to Calm- Navigating Emerging API Security...
Apidays Helsinki 2024 - From Chaos to Calm- Navigating Emerging API Security...
Apidays Helsinki 2024 - What is next now that your organization created a (si...
Apidays Helsinki 2024 - What is next now that your organization created a (si...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...
Apidays Helsinki 2024 - Data, API’s and Banks, with AI on top by Sergio Giral...
Apidays Helsinki 2024 - Data, API’s and Banks, with AI on top by Sergio Giral...
Apidays Helsinki 2024 - Data Ecosystems Driving the Green Transition by Olli ...
Apidays Helsinki 2024 - Data Ecosystems Driving the Green Transition by Olli ...
Apidays Helsinki 2024 - Bridging the Gap Between Backend and Frontend API Tes...
Apidays Helsinki 2024 - Bridging the Gap Between Backend and Frontend API Tes...
Apidays Helsinki 2024 - API Compliance by Design by Marjukka Niinioja, Osaango
Apidays Helsinki 2024 - API Compliance by Design by Marjukka Niinioja, Osaango
Apidays Helsinki 2024 - ABLOY goes API economy – Transformation story by Hann...
Apidays Helsinki 2024 - ABLOY goes API economy – Transformation story by Hann...
Apidays New York 2024 - The subtle art of API rate limiting by Josh Twist, Zuplo
Apidays New York 2024 - The subtle art of API rate limiting by Josh Twist, Zuplo
Apidays New York 2024 - RESTful API Patterns and Practices by Mike Amundsen, ...
Apidays New York 2024 - RESTful API Patterns and Practices by Mike Amundsen, ...
Apidays New York 2024 - Putting AI into API Security by Corey Ball, Moss Adams
Apidays New York 2024 - Putting AI into API Security by Corey Ball, Moss Adams
Apidays New York 2024 - Prototype-first - A modern API development workflow b...
Apidays New York 2024 - Prototype-first - A modern API development workflow b...
Apidays New York 2024 - Post-Quantum API Security by Francois Lascelles, Broa...
Apidays New York 2024 - Post-Quantum API Security by Francois Lascelles, Broa...
Apidays New York 2024 - Increase your productivity with no-code GraphQL mocki...
Apidays New York 2024 - Increase your productivity with no-code GraphQL mocki...
Apidays New York 2024 - Driving API & EDA Success by Marcelo Caponi, Danone
Apidays New York 2024 - Driving API & EDA Success by Marcelo Caponi, Danone
Apidays New York 2024 - Build a terrible API for people you hate by Jim Benne...
Apidays New York 2024 - Build a terrible API for people you hate by Jim Benne...
Apidays New York 2024 - API Secret Tokens Exposed by Tristan Kalos and Antoin...
Apidays New York 2024 - API Secret Tokens Exposed by Tristan Kalos and Antoin...
Recently uploaded
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Trusted Execution Environment for Decentralized Process Mining
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Finale of the Year: Apply for Next One!
Presentation for the event called "Finale of the Year: Apply for Next One!" organized by GDSC PJATK
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
June Patch Tuesday
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Digital Marketing Trends in 2024 | Guide for Staying Ahead
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
This case study explores designing a scalable e-commerce platform, covering key requirements, system components, and best practices.
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
dbms calicut university B. sc Cs 4th sem.pdf
Its a seminar ppt on database management system using sql
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Recently uploaded (20)
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
apidays LIVE India 2022 - The Future of API’s Security.pptx
- 1. The Future of API’s Vandana Verma Sehgal
- 2. 2022 SERIES OF EVENTS New York JULY (HYBRID) Australia SEPTEMBER (HYBRID) Singapore APRIL (VIRTUAL) Helsinki & North MARCH (VIRTUAL) Paris DECEMBER (HYBRID) London OCTOBER (HYBRID) Hong Kong AUGUST (VIRTUAL) JUNE (VIRTUAL) India MAY (VIRTUAL) APRIL (VIRTUAL) Dubai & Middle East JUNE (VIRTUAL) Check out our API Conferences www.apidays.global Want to talk at one of our conferences? apidays.typeform.com/to/ILJeAaV8
- 3. Vandana Verma Sehgal ● Security Relations Leader - Snyk ● OWASP Global Board of Directors – Chair ● President of InfosecGirls, InfosecKids and InfosecDiversity ● Award-winning Cybersecurity Professional ● Keynote Speaker, Inclusion Advocate ● Member of Review Board at Grace Hopper, BSides Conferences, • Global AppSec, etc. About Me
- 8. How developers play a role in security incidents What does the software supply chain landscape looks like today You care about Software Security
- 9. Developers as a Malware Distribution Vehicle
- 10. The event-stream incident // 2018
- 11. The event-stream incident source: http://bit.ly/es-incident
- 12. How API Based Apps are Different? ● The server is used more as a proxy for data ● The rendering component is the client, not the server ● Clients consume raw data ● APIs expose the underlying implementation of the app ● The user’s state is usually maintained and monitored by the client ● More parameters are sent in each HTTP request (object ID’s, filters)
- 13. Your App
- 15. Biggest Breaches of API
- 16. Clubhouse Leak
- 17. Linkedin Breach
- 18. NoxPlayer Breach
- 19. API1:2019 Broken Object Level Authorization API2:2019 Broken User Authentication API3:2019 Excessive Data Exposure API4:2019 Lack of Resources & Rate Limiting API5:2019 Broken Function Level Authorization API6:2019 Mass Assignment API7:2019 Security Misconfiguration API8:2019 Injection API9:2019 Improper Assets Management API10:2019 Insufficient Logging & Monitoring API Security Top 10 2019
- 20. How API Based Apps are Different? Traditional vulnerabilities are less common in API-Based apps: •SQLi – Increasing use of ORMs •CSRF – Authorization headers instead of cookies •Path Manipulations – Cloud-Based storage •Classic IT Security Issues - SaaS
- 21. API Security Checklist • Apply Multi-factor Authentication • Encrypt Your Data • Right authorizations for the API’s •Just In-time access
- 22. Let’s hack an app!
- 23. Let’s hack an app!
- 25. “Shift Left” is not enough Empowering developers to build applications securely within the entire development process Empower developers Enable security team
- 27. The OWASP Community • OWASP is a worldwide free and open community focused on improving the security of application software. • Our mission is to make application security visible so that people and organisations can make informed decisions about application security risks. Session at Global AppSec Amsterdam