2022 APIsecure_API Discovery: First step towards API Security

•

0 likes•42 views

APIsecure - April 6 & 7, 2022 APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security. API Discovery: First step towards API Security Amod Gupta, Product Manager at Traceable

Technology

API
First step towards API Security
Discovery
Amod Gupta
Product Management, Traceable
amod@traceable.ai

GOAL ▪ Define API Discovery in the
context of API Security
▪ Minimum set of discovery
related features that API
Security tools should provide

What makes
API discovery
challenging
▪ Public cloud
▪ On-premises
▪ Hybrid
Deployment Options
Microservices
architecture has made
applications massively
distributed
Distributed
Dev teams are
releasing multiple
times a week
Agile releases

Automatically discover all API endpoints (by inspecting traffic)
Group APIs by apps, services, domains etc. so security teams can
digest the information
Classify APIs as external (public), internal or 3rd party
Automatically catalog new APIs and updates to existing APIs
API discovery
tool should…
Minimum Feature Set
1. Automatically create an API Catalog
● Hierarchical grouping
● Classification of APIs
● Up to date

Now, that we have an
API Catalog, how do we
make it actionable

Open
API Specification
Are APIs being consumed securely?
Are APIs being consumed as the
developer intended?
Are APIs exposing unknown
parameters, responses,
content-types etc. ?
Without
Common source of truth between different
teams and partners
Portability between different security tools
Easy to identify which APIs expose sensitive
data and where
With
Minimum Feature Set
1. Automatically create an API Catalog
● Hierarchical grouping
● Classification of APIs
● Up to date
2. Open API spec for API endpoints
● Create
● Download

Minimum Feature Set
We’ve cataloged all the API endpoints
We have Open API specifications for them
But how do we consume this when there are 1000s of endpoints?
CONFORMANCE ANALYSIS
Open API spec
Developer version
● Missing APIs (Shadow APIs)
● Issues with parameters
● Issues with request/response bodies
Open API spec
Prod/Test version
Doing this at scale… 1. Automatically create an API Catalog
● Hierarchical grouping
● Classification of APIs
● Up to date
2. Open API spec for API endpoints
● Create
● Download
3. Conformance analysis to identify
high priority issues at scale

Sensitive data exposure
Minimum Feature Set
1. Automatically create an API Catalog
● Hierarchical grouping
● Classification of APIs
● Up to date
2. Open API spec for API endpoints
● Create
● Download
3. Conformance analysis to identify
high priority issues at scale
Catalog of Sensitive Data
SSN email age
gcp_api_key
ip_address
credit_card_no address
Integrated workflows
Detect
● New data exposure
● Policy violations
Log
● Create tickets
● Integrations
Track & Verify
● Pre-prod
environments
TIN
SIN
aws_api_key
4. Sensitive data exposure
● Catalog data types
● Integrated workflows

Risk Score brings it together
API Endpoints Risk Score
/juiceshop/getorder/{order-id} 8
/juiceshop/create-account 7
/juiceshop/order/checkout/ 5
/juiceshop/account/getaccount/{account-id} 5
/juiceshop/order/notification/ 2
7
Conformance deviations
Public or Internal Sensitive Data Exposure
HTTP vs HTTPs
Minimum Feature Set
1. Automatically create an API Catalog
● Hierarchical grouping
● Classification of APIs
● Up to date
2. Open API spec for API endpoints
● Create
● Download
3. Conformance analysis to identify
high priority issues at scale
4. Sensitive data exposure
● Catalog data types
● Integrated workflows
5. Integrated risk score

Summary
API Catalog
Automatically create and keep
up to date
Open API Spec
Automatically create and keep
up to date
Conformance
Identify the drift from expected
behavior
Risk Score
Integrated score to identify APIs
that need attention
Sensitive Data
Integrated score to identify APIs
that need attention

INTERFACE, by apidays - APIs: the next 10 years June 8, 9 & 10 2022 Automatically discover and improve API security posture with Traceable's API Catalog Sudeep Padiyar, Founding Member, Product Management at Traceable AI ------------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/ Deep dive into the API industry with our reports: https://www.apidays.global/industry-reports/ Subscribe to our global newsletter: https://apidays.typeform.com/to/i1MPEW

What It Takes to Build API Integrations

Nordic APIs

As APIs are becoming the building blocks of modern software, being able to rely on them is critical. Some might even say that APIs are the next big SaaS wave. But the problem is that as APIs become more universal, integrating them is not getting any easier, on the contrary. After interviewing over 50 engineering organizations, we’ve compiled a list of the best practices we came across and the challenges faced while building API integrations.

2022 APIsecure_Securing APIs with Open Standards

APIsecure_ Official

Securing APIs with Open Standards provides tips for securing APIs from the Synack Red Team. It discusses using OpenAPI definitions to document APIs, embracing open box testing, and balancing security and adoption through developer relations. It also demonstrates how insecure user input validation can allow access to private data stored in AWS S3 buckets and how Salesforce record IDs can be brute forced to enable unauthorized access if not properly secured. The presentation emphasizes designing APIs with security in mind, adopting standards like OpenAPI, and balancing security testing with developer onboarding.

Apidays Paris 2023 - Building an Inventory, Maria Teresa Pereira, KPMG Portugal

apidays

Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies December 6, 7 & 8, 2023 Building an Inventory: How to identify all the APIs hidden in plain sight? Maria Teresa Pereira, Senior IT Advisor / Pentester - Cybersecurity Services at KPMG Portugal ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Build, host and manage your custom API in less than an hour

Jerome Louvel

Peeling the Onion: Making Sense of the Layers of API Security

Matt Tesauro

This document provides an overview of API security from multiple perspectives: API security posture, runtime security, and security testing. It discusses the complex API ecosystem involving various stakeholders. The document also outlines common API attack classes like DDoS, data breaches, and abuse of functionality. Finally, it provides key takeaways that APIs have complex interconnected systems, require coordination across teams, and need to be evaluated from different security perspectives.

Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest

Matt Tesauro

API Services: Building State-of-the-Art APIs

Apigee | Google Cloud

WaveMaker helps enterprises develop, publish, manage, and consume APIs to create successful API programs and ecosystems. It provides a full end-to-end API solution that allows enterprises to quickly generate REST APIs from data and legacy systems, publish and securely manage APIs, and enable rapid application development for internal and external consumption of APIs. Key benefits include automated API generation, mock data creation, enterprise-grade security, detailed monitoring, and support for building an application ecosystem around published APIs.

2022 APIsecure_Shift Left API Security - The Right Way

APIsecure_ Official

Manual JavaScript Analysis Is A Bug

Lewis Ardern

When performing security assessments or participating in bug bounties, there is generally a methodology you follow when assessing source-code or performing dynamic analysis. This involves using tools, reviewing results and understanding what you should be testing for. Reviewing modern web applications can be quite challenging, and this talk will go into details on how we can automate the boring (but necessary parts) and how to set a roadmap of what should be focused on when dealing with modern JavaScript applications.

Using ap is to gather data

Ke Jiang

This document summarizes a presentation on using APIs to gather data. It discusses installing Anaconda and Spyder to run Python scripts for APIs. It explains what APIs are and provides an example of the New York Times API. It outlines the steps to request an API key from the NY Times developer site and then use that key to collect over 300 New York Times comment objects in a JSON format, saving them to a file and analyzing the most active users and their comments.

Apache Eagle Strata Hadoop World London 2016

Arun Karthick Manoharan

This document provides an overview of the Apache Eagle project, which is an open source platform for monitoring Hadoop ecosystems in real time. It summarizes Eagle's key capabilities as follows: 1. Eagle uses a complex event processing (CEP) engine to evaluate monitoring policies on streamed data and detect access to sensitive data or malicious activities in real time. 2. It integrates with components like Ranger, Sentry, Knox and Splunk to provide a comprehensive solution for securing sensitive data stored in Hadoop. 3. Future releases of Eagle aim to improve the user experience, make the alert engine more scalable and extensible, and allow declarative configuration of data sources and correlation of events from multiple sources.

APImetrics Product Overview March 2015

apimetrics

This document describes an API performance monitoring solution called APImetrics. It notes that existing tools do not adequately monitor real-world API performance. APImetrics provides an intelligent, analytics-driven solution that monitors APIs on an end-to-end basis through automated scenario testing and SLA management. It allows enterprises, API providers, and developers to identify performance issues, resolve problems before they affect users, and ensure APIs meet performance standards.

API Testing with Frisby and Mocha

Lyudmila Anisimova

Deploy a web API in 15'

Restlet

Office Add-ins developer community call-July 2019

Microsoft 365 Developer

July’s call, hosted by Kim Brandl and Doug Mahugh, featured the following presenters and topics: • Doug Mahugh, Senior Dev Writer, presented an overview of the Office Add-ins platform. • Sohail Zafar, Senior Program Manager, covered what’s new in the Outlook JavaScript APIs. • Yu Kaijun, Senior Program Manager, and Ruoying Liang, Senior Program Manager, talked about what’s new in the Excel JavaScript APIs. • Anand Menon, Principal Program Manager Lead, presented about Microsoft 365 App Certification. • Daniel Fylstra, President @ Frontline Systems Inc., presented about the Analytic Solver add-in for Excel, a complex and powerful analytics modeling tool that they’ve ported from a COM add-in to a JavaScript add-in.

apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...

apidays

API breaches are increasing, with over 350 reported publicly since October 2018. The top causes are lack of input validation, rate limiting, data/exception leakage, and authorization and authentication issues. These map to the OWASP API Security Top 10 risks. API-centric architectures expand the attack surface. To address this, security needs to be considered at design time through the API contract, which defines data constraints, authorization policies, logging, and rate limiting. Following best practices like this helps avoid vulnerabilities that are costly to fix later.

[Workshop] Managing the API lifecycle with Open Source Technologies

WSO2

apidays LIVE Paris - Potential of API integrations, common traps and advices ...

apidays

2022 apidays LIVE Helsinki & North_Event API Products – Maximizing the Value ...

apidays

Building an API Security Strategy

SmartBear

The ultimate api checklist by Blendr.io

Blendr.io

Diving into the World of Test Automation The Approach and the Technologies

QASymphony

This presentation was originally given at Quality Jam London. Elise covered test automation and the progression for test automation that you might encounter. The session agenda included: The stages of the test team Why are we automating? What are we automating? How are we automating? What languages should we use? What frameworks and libraries should we use? Open source or proprietary? Learn more at www.qualityjam.com

To Open Banking and Beyond: Developing APIs that are Resilient to every new I...

Curiosity Software Ireland

Watch the live webinar on-demand here - https://curiositysoftware.ie/resources/to-open-banking-and-beyond-api-testing-free-webinar/ With over 35 APIs involved in an average business transaction, API innovation is critical for every organisation. However, microservices and fast-changing components can quickly create overwhelming complexity for architects, developers, and testers. They produce complex arrays of API calls, often leading to QA bottlenecks – or, worse, business-critical systems that have been released with undetected flaws in their APIs. APIs often also work with sensitive data, making it essential to remove risk from API releases. Otherwise, initiatives like Open Banking can turn from an opportunity to a compliance nightmare. The challenge is that the time available to test APIs is only becoming shorter, while the complexity of the systems is increasing. API testing must become both more iterative and more granular. This webinar will show why enterprises across banking, retail, telecoms, and more are combining Model-Based Testing and API Test Automation to overcome API complexity. You will see how Test Modeller builds rigorous API tests automatically in-sprint, pushing them to API Fortress for execution. This approach enables QA teams to ensure that APIs deliver business value, building seamlessly on the skills and techniques they use today. Key takeaways: 1. Organizations investing in APIs must maintain API resilience, reliability, performance, and security. 2. Companies can significantly decrease risk while accelerating releases by combining model-based testing with complete test data management. 3. Test Modeller enables model-based API test automation, using coverage algorithms to create functional and data-driven API tests. 4. Testers can reuse functional API tests in API Fortress as integration tests, load tests, and functional uptime monitors with unlimited deployment and no metered usage fees.

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Sumo Logic

Get Certified as a Sumo Security Power User! With security threats on the rise, come join our Security and Compliance experts to learn how Sumo Logic’s Threat Intelligence can help you stay on top of your environment by matching IOCs like IP address, domain names, URL, email addresses, MD5 hashes and more, to increase velocity and accuracy of threat detection. Hands on labs help cement the knowledge learned.

API Security - OWASP top 10 for APIs + tips for pentesters

Inon Shkedy

The document discusses modern application security issues related to APIs. It begins with an overview of common API security risks like SQL injection, XSS, and CSRF. It then focuses on how application security has changed with the transition to modern architectures that are API-focused, use cloud infrastructure, and follow DevOps practices. Key changes discussed include less abstraction layers, clients handling more responsibility, and APIs exposing more data and endpoints directly. The document also summarizes the OWASP API security project and proposed API security top 10 risks. Real attack examples are provided to illustrate broken authorization and authentication vulnerabilities.

Developing Apps: Exposing Your Data Through Araport

Matthew Vaughn

This document discusses developing apps and exposing data through Araport, an open platform for plant science data and tools. It provides an overview of why researchers should contribute to Araport, how to create web services and apps, commonly asked questions, and available resources. Key steps to creating a web service include implementing REST APIs, describing data sources in metadata, and testing and sharing the service. Developing a science app involves using app templates, consuming Araport APIs to build interactive tools, and publishing apps for others.

2022 APIsecure_The Real World, API Security Edition

APIsecure_ Official

2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...

APIsecure_ Official

Similar to 2022 APIsecure_API Discovery: First step towards API Security

WaveMaker API Success

WaveMaker, Inc.

2022 APIsecure_Shift Left API Security - The Right Way

APIsecure_ Official

Manual JavaScript Analysis Is A Bug

Lewis Ardern

Using ap is to gather data

Ke Jiang

Apache Eagle Strata Hadoop World London 2016

Arun Karthick Manoharan

APImetrics Product Overview March 2015

apimetrics

API Testing with Frisby and Mocha

Lyudmila Anisimova

Deploy a web API in 15'

Restlet

Office Add-ins developer community call-July 2019

Microsoft 365 Developer

apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...

apidays

[Workshop] Managing the API lifecycle with Open Source Technologies

WSO2

apidays LIVE Paris - Potential of API integrations, common traps and advices ...

apidays

2022 apidays LIVE Helsinki & North_Event API Products – Maximizing the Value ...

apidays

Building an API Security Strategy

SmartBear

The ultimate api checklist by Blendr.io

Blendr.io

Diving into the World of Test Automation The Approach and the Technologies

QASymphony

To Open Banking and Beyond: Developing APIs that are Resilient to every new I...

Curiosity Software Ireland

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Sumo Logic

API Security - OWASP top 10 for APIs + tips for pentesters

Inon Shkedy

Developing Apps: Exposing Your Data Through Araport

Matthew Vaughn

Similar to 2022 APIsecure_API Discovery: First step towards API Security (20)

WaveMaker API Success

2022 APIsecure_Shift Left API Security - The Right Way

Manual JavaScript Analysis Is A Bug

Using ap is to gather data

Apache Eagle Strata Hadoop World London 2016

APImetrics Product Overview March 2015

API Testing with Frisby and Mocha

Deploy a web API in 15'

Office Add-ins developer community call-July 2019

apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...

[Workshop] Managing the API lifecycle with Open Source Technologies

apidays LIVE Paris - Potential of API integrations, common traps and advices ...

2022 apidays LIVE Helsinki & North_Event API Products – Maximizing the Value ...

Building an API Security Strategy

The ultimate api checklist by Blendr.io

Diving into the World of Test Automation The Approach and the Technologies

To Open Banking and Beyond: Developing APIs that are Resilient to every new I...

Security Certification: Security Analytics using Sumo Logic - Oct 2018

API Security - OWASP top 10 for APIs + tips for pentesters

Developing Apps: Exposing Your Data Through Araport

More from APIsecure_ Official

2022 APIsecure_The Real World, API Security Edition

APIsecure_ Official

2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...

APIsecure_ Official

2022 APIsecure_A day in the life of an API; Fighting the odds

APIsecure_ Official

2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity

APIsecure_ Official

2022 APIsecure_Securing Large API Ecosystems

APIsecure_ Official

2022 APIsecure_Quarterly Review of API Vulnerabilities

APIsecure_ Official

2022 APIsecure_Top Ten Security Tips for APIs

APIsecure_ Official

2022 APIsecure_Are your APIs Rugged Enough?

APIsecure_ Official

This document discusses how to design APIs to be rugged and resilient against threats. It recommends threat modeling to understand vulnerabilities and abuse cases. It also suggests implementing authorization for every endpoint, explicit anonymous access, and pinning certificates for mobile apps. Runtime protections like rate limiting, JWT validation, and security headers are also advised. Monitoring APIs in a SIEM and leveraging cloud platform protections can help detect and block attacks.

2022 APIsecure_Making webhook APIs secure for enterprise

APIsecure_ Official

Making webhook APIs secure for enterprise involves securing both the API provider and consumer. For API providers, this involves grouping events into APIs and only exposing them to approved developers, enforcing TLS, guaranteeing delivery, and keeping logs. For API consumers, it means knowing API providers, securing callback URLs, and using an API gateway to avoid overload. Checklists are provided to help API providers and consumers implement these security best practices.

2022 APIsecure_API Security & Fraud Detection - Are you ready?

APIsecure_ Official

2022 APIsecure_Monitoring and Responding to API Breaches

APIsecure_ Official

The document discusses monitoring and responding to API breaches. It notes a large increase in API traffic and attacks in recent years as companies increasingly leverage APIs. Responsibility for API security is often unclear as it involves multiple teams. Many companies secure APIs the same way they secure web applications, which can be insufficient. The document recommends establishing API discovery, threat monitoring, integration with security platforms, and log retention to aid in prevention, detection during incidents, and post-incident forensics. Tools like WAFs, API gateways, and testing can help, but a holistic approach across the development lifecycle is needed to properly secure APIs.

2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs

APIsecure_ Official

2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec

APIsecure_ Official

2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...

APIsecure_ Official

2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...

APIsecure_ Official

2022 APIsecure_Hackers with Valid Credentials

APIsecure_ Official

Hackers are exploiting APIs to steal data and access accounts by using valid credentials obtained through phishing, purchase, or partnerships. This poses a challenge as hackers can blend in with real users while maliciously accessing API services. To protect APIs, organizations need visibility into activity across all API gateways and clouds on a per user identity basis. They should also implement authentication, authorization, monitoring for abnormal behavior using machine learning, and automated remediation when risks are detected. Applying a zero trust model with these strategies can help secure APIs.

2022 APIsecure_API Abuse - How data breaches now and in the future will use A...

APIsecure_ Official

2022 APIsecure_Understanding API Abuse With Behavioral Analytics

APIsecure_ Official

2022 APIsecure_Harnessing the Speed of Innovation

APIsecure_ Official

2022 APIsecure_We’re Not in AppSec Anymore Toto

APIsecure_ Official

More from APIsecure_ Official (20)

2022 APIsecure_The Real World, API Security Edition

2022 APIsecure_Learn from the Past, Secure the Present, Plan for the Future: ...

2022 APIsecure_A day in the life of an API; Fighting the odds

2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity

2022 APIsecure_Securing Large API Ecosystems

2022 APIsecure_Quarterly Review of API Vulnerabilities

2022 APIsecure_Top Ten Security Tips for APIs

2022 APIsecure_Are your APIs Rugged Enough?

2022 APIsecure_Making webhook APIs secure for enterprise

2022 APIsecure_API Security & Fraud Detection - Are you ready?

2022 APIsecure_Monitoring and Responding to API Breaches

2022 APIsecure_Exploiting multi-step business logic vulnerabilities in APIs

2022 APIsecure_API Security Testing: The Next Step in Modernizing AppSec

2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...

2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...

2022 APIsecure_Hackers with Valid Credentials

2022 APIsecure_API Abuse - How data breaches now and in the future will use A...

2022 APIsecure_Understanding API Abuse With Behavioral Analytics

2022 APIsecure_Harnessing the Speed of Innovation

2022 APIsecure_We’re Not in AppSec Anymore Toto

Recently uploaded

JavaLand 2024: Application Development Green Masterplan

Miro Wengner

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors

DianaGray10

Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more. The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications. We’ll discuss and demo the benefits of UiPath Apps and connectors including: Creating a compelling user experience for any software, without the limitations of APIs. Accelerating the app creation process, saving time and effort Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management. Speakers: Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP Charlie Greenberg, host

"Choosing proper type of scaling", Olena Syrota

Fwdays

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Tosin Akinosho

Monitoring and Managing Anomaly Detection on OpenShift Overview Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices. Key Topics Covered 1. Introduction to Anomaly Detection - Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems. 2. Understanding Edge (IoT) - Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source. 3. What is ArgoCD? - Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices. 4. Deployment Using ArgoCD for Edge Devices - Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD. 5. Introduction to Apache Kafka and S3 - Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions. 6. Viewing Kafka Messages in the Data Lake - Learn how to view and analyze Kafka messages stored in a data lake for better insights. 7. What is Prometheus? - Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices. 8. Monitoring Application Metrics with Prometheus - Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system. 9. What is Camel K? - Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes. 10. Configuring Camel K Integrations for Data Pipelines - Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow. 11. What is a Jupyter Notebook? - Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text. 12. Jupyter Notebooks with Code Examples - Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.

Taking AI to the Next Level in Manufacturing.pdf

ssuserfac0301

Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as: 1. How quickly AI is being implemented in manufacturing. 2. Which barriers stand in the way of AI adoption. 3. How data quality and governance form the backbone of AI. 4. Organizational processes and structures that may inhibit effective AI adoption. 6. Ideas and approaches to help build your organization's AI strategy.

GNSS spoofing via SDR (Criptored Talks 2024)

Javier Junquera

In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security. This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing. The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

saastr

Must Know Postgres Extension for DBA and Developer during Migration

Mydbops

Mydbops Opensource Database Meetup 16 Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting Date & Time: 8th June | 10 AM - 1 PM IST Venue: Bangalore International Centre, Bangalore Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle. Key Takeaways: * Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities. * Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom. * Discover how these key extensions can empower both developers and DBAs during the migration process. * Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends. Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL. Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability. Contact us: info@mydbops.com Visit: https://www.mydbops.com/ Follow us on LinkedIn: https://in.linkedin.com/company/mydbops For more details and updates, please follow up the below links. Meetup Page : https://www.meetup.com/mydbops-databa... Twitter: https://twitter.com/mydbopsofficial Blogs: https://www.mydbops.com/blog/ Facebook(Meta): https://www.facebook.com/mydbops/

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...

Jason Yip

The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

Christine's Product Research Presentation.pptx

christinelarrosa

Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...

Pitangent Analytics & Technology Solutions Pvt. Ltd

High performance Serverless Java on AWS- GoTo Amsterdam 2024

Vadym Kazulkin

Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.

inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill

LizaNolte

HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable. In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed: Key Takeaways: Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement. Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers. Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.

Essentials of Automations: Exploring Attributes & Automation Parameters

Safe Software

Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they? Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality. You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.

Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians

Neo4j

Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels

Northern Engraving

GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph

Neo4j

5th LF Energy Power Grid Model Meet-up Slides

DanBrown980551

5th Power Grid Model Meet-up It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology. Power Grid Model The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services. Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability. Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization. What to expect For the upcoming meetup we are organizing, we have an exciting lineup of activities planned: -Insightful presentations covering two practical applications of the Power Grid Model. -An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024. -An interactive brainstorming session to discuss and propose new feature requests. -An opportunity to connect with fellow Power Grid Model enthusiasts and users.

What is an RPA CoE? Session 1 – CoE Vision

DianaGray10

Recently uploaded (20)

JavaLand 2024: Application Development Green Masterplan

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors

"Choosing proper type of scaling", Olena Syrota

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Taking AI to the Next Level in Manufacturing.pdf

GNSS spoofing via SDR (Criptored Talks 2024)

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

Must Know Postgres Extension for DBA and Developer during Migration

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...

Skybuffer SAM4U tool for SAP license adoption

Christine's Product Research Presentation.pptx

Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...

High performance Serverless Java on AWS- GoTo Amsterdam 2024

inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill

Essentials of Automations: Exploring Attributes & Automation Parameters

Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians

Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels

GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph

5th LF Energy Power Grid Model Meet-up Slides

What is an RPA CoE? Session 1 – CoE Vision

2022 APIsecure_API Discovery: First step towards API Security

1. API First step towards API Security Discovery Amod Gupta Product Management, Traceable amod@traceable.ai

2. GOAL ▪ Define API Discovery in the context of API Security ▪ Minimum set of discovery related features that API Security tools should provide

3. What makes API discovery challenging ▪ Public cloud ▪ On-premises ▪ Hybrid Deployment Options Microservices architecture has made applications massively distributed Distributed Dev teams are releasing multiple times a week Agile releases

4. Automatically discover all API endpoints (by inspecting traffic) Group APIs by apps, services, domains etc. so security teams can digest the information Classify APIs as external (public), internal or 3rd party Automatically catalog new APIs and updates to existing APIs API discovery tool should… Minimum Feature Set 1. Automatically create an API Catalog ● Hierarchical grouping ● Classification of APIs ● Up to date

5. Now, that we have an API Catalog, how do we make it actionable

6. Open API Specification Are APIs being consumed securely? Are APIs being consumed as the developer intended? Are APIs exposing unknown parameters, responses, content-types etc. ? Without Common source of truth between different teams and partners Portability between different security tools Easy to identify which APIs expose sensitive data and where With Minimum Feature Set 1. Automatically create an API Catalog ● Hierarchical grouping ● Classification of APIs ● Up to date 2. Open API spec for API endpoints ● Create ● Download

7. Minimum Feature Set We’ve cataloged all the API endpoints We have Open API specifications for them But how do we consume this when there are 1000s of endpoints? CONFORMANCE ANALYSIS Open API spec Developer version ● Missing APIs (Shadow APIs) ● Issues with parameters ● Issues with request/response bodies Open API spec Prod/Test version Doing this at scale… 1. Automatically create an API Catalog ● Hierarchical grouping ● Classification of APIs ● Up to date 2. Open API spec for API endpoints ● Create ● Download 3. Conformance analysis to identify high priority issues at scale

8. Sensitive data exposure Minimum Feature Set 1. Automatically create an API Catalog ● Hierarchical grouping ● Classification of APIs ● Up to date 2. Open API spec for API endpoints ● Create ● Download 3. Conformance analysis to identify high priority issues at scale Catalog of Sensitive Data SSN email age gcp_api_key ip_address credit_card_no address Integrated workflows Detect ● New data exposure ● Policy violations Log ● Create tickets ● Integrations Track & Verify ● Pre-prod environments TIN SIN aws_api_key 4. Sensitive data exposure ● Catalog data types ● Integrated workflows

9. Risk Score brings it together API Endpoints Risk Score /juiceshop/getorder/{order-id} 8 /juiceshop/create-account 7 /juiceshop/order/checkout/ 5 /juiceshop/account/getaccount/{account-id} 5 /juiceshop/order/notification/ 2 7 Conformance deviations Public or Internal Sensitive Data Exposure HTTP vs HTTPs Minimum Feature Set 1. Automatically create an API Catalog ● Hierarchical grouping ● Classification of APIs ● Up to date 2. Open API spec for API endpoints ● Create ● Download 3. Conformance analysis to identify high priority issues at scale 4. Sensitive data exposure ● Catalog data types ● Integrated workflows 5. Integrated risk score

10. Summary API Catalog Automatically create and keep up to date Open API Spec Automatically create and keep up to date Conformance Identify the drift from expected behavior Risk Score Integrated score to identify APIs that need attention Sensitive Data Integrated score to identify APIs that need attention

11. Questions

12. THANK YOU

2022 APIsecure_API Discovery: First step towards API Security

Recommended

Recommended

More Related Content

Similar to 2022 APIsecure_API Discovery: First step towards API Security

Similar to 2022 APIsecure_API Discovery: First step towards API Security (20)

More from APIsecure_ Official

More from APIsecure_ Official (20)

Recently uploaded

Recently uploaded (20)

2022 APIsecure_API Discovery: First step towards API Security