Harnessing the Speed of Innovation
Jyoti Bansal
Co-Founder and CEO, Traceable
jyoti@traceable.ai
Agenda
▪ Introduction
▪ The evolution of modern app development
▪ How to solve for complex API challenges
▪ Securing APIs in the new world
▪ What the future holds
Software Code and APIs are Everywhere
Number of developers: 25 million vs 45 million
Number of APIs: < 1 million, < 10 million, 100 million, 1.2 billion (chart spanning 2010, 2020 and 2030)
2.8 trillion lines of code have been written in the past 20 years.
APIs Connect Everyone and Everything
IDC predicts by 2022, 90% of new enterprise applications worldwide will be developed as cloud-native, using agile methodologies and API-driven architectures that leverage microservices, containers, and serverless functions.
IDC FutureScape: Worldwide Cloud 2020 Predictions, Doc # US44640719, October 2019
Sectors shown around the API hub: Cloud Services, Healthcare, Mobile Services, Real Estate, E-commerce, Government, Education, Crypto, Financial Services, Insurance, Media/Entertainment, Hi-Tech
Growing API Security Crisis
91% of organizations had an API security incident last year… (Security Magazine - Feb 2021)
▪ Data Breaches & Exfiltration
▪ Business Fraud
▪ Sensitive Data Exposure
▪ Customer & Employee Privacy Violations
▪ Regulatory Fines
▪ Intellectual Property Theft
Business Fraud via API
Missing logic validation check in a retail brokerage API endpoint: allowed an attacker to make unlimited cryptocurrency trades between different currency accounts. Attackers could initiate orders and trade cryptocurrency they did not have by modifying the API - the Coinbase validation logic did not verify the source account properly, and processed the trade normally.
Rate limiting protection failed to work as designed: a hacker could take over Apple iCloud accounts by exploiting the password reset API endpoint of the “Forgot Password” function, which allowed the attacker to bypass 2-factor authentication, SMS verification and password validation rate limits.
APIs hijacked and modified
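The first case above comes down to a server that trusts the account id in the request body instead of checking it against the authenticated caller. The following is an added example in Python, not code from the talk or from any exchange: a toy trade handler with that gap beside a hardened version. The Account and TradeRequest types, the handler names and the sample ledger are assumptions, and currency conversion is left out, so a trade is simply a debit and a credit of the same unit amount.

```python
"""Added example, not code from the talk or from any exchange: a toy trade
handler with the business-logic gap the slide describes (the source account
named in the request is never checked against the caller) beside a hardened
version. Account/TradeRequest, the handler names and the ledger are
assumptions; currency conversion is omitted, so a trade is a debit plus a
credit of the same unit amount."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Account:
    account_id: str
    owner: str          # user id that owns this account
    currency: str
    balance: Decimal


@dataclass
class TradeRequest:
    caller: str         # authenticated user, taken from the session/token
    source_id: str      # account to debit, taken from the request body
    dest_id: str        # account to credit, taken from the request body
    amount: Decimal


class TradeError(Exception):
    pass


def make_ledger():
    """Constructed sample ledger: alice holds ETH and an empty BTC account,
    bob holds BTC."""
    return {
        "acct-eth-alice": Account("acct-eth-alice", "alice", "ETH", Decimal("10")),
        "acct-btc-alice": Account("acct-btc-alice", "alice", "BTC", Decimal("0")),
        "acct-btc-bob": Account("acct-btc-bob", "bob", "BTC", Decimal("2")),
    }


def execute_trade_vulnerable(req, ledger):
    """Trusts the request body: whatever source account the caller names is
    debited. Ownership is never verified and there is no balance check, so a
    caller can trade funds that are not theirs (or that do not exist)."""
    src, dst = ledger[req.source_id], ledger[req.dest_id]
    src.balance -= req.amount
    dst.balance += req.amount
    return "ok"


def execute_trade_hardened(req, ledger):
    """Server-side validation that the vulnerable handler skips."""
    src = ledger.get(req.source_id)
    dst = ledger.get(req.dest_id)
    if src is None or dst is None:
        raise TradeError("unknown account")
    # Object-level authorization: the debited account must belong to the
    # authenticated caller, never to whoever the request body names.
    if src.owner != req.caller:
        raise TradeError("source account not owned by caller")
    if req.amount <= 0:
        raise TradeError("amount must be positive")
    if src.balance < req.amount:
        raise TradeError("insufficient funds")
    src.balance -= req.amount
    dst.balance += req.amount
    return "ok"


def try_trade(handler, req, ledger):
    """Run a handler and return its result or the rejection reason."""
    try:
        return handler(req, ledger)
    except TradeError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    # bob names alice's ETH account as the source of a 50 ETH trade.
    forged = TradeRequest("bob", "acct-eth-alice", "acct-btc-bob", Decimal("50"))
    print(try_trade(execute_trade_vulnerable, forged, make_ledger()))
    print(try_trade(execute_trade_hardened, forged, make_ledger()))
```

The ownership check is the one that matters for the case on the slide: the caller identity must come from the verified session, and every object id in the body must be checked against it before any state changes. The balance check closes the second half of the description (trading currency the account does not hold).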
API Attacks Are Hard to Detect
▪ Mostly unknown threats
▪ Malicious usage of APIs for unauthorized activities
▪ Exploit your own code and business logic
Hard to detect and high signal to noise ratio
Countless attack surfaces
Business And Technical Challenge - Constant Change
▪ Ever-changing competitive landscape.
▪ Customer needs change frequently.
▪ Critical pivots: process, architecture, culture, engineering.
Business And Technical Challenge - Agile Distributed Dev Teams
▪ Smaller, autonomous teams.
▪ Shift from tightly coupled, monolithic systems to loosely coupled APIs.
▪ Higher ratio of dev to security.
Securing APIs in this new world…
You Can’t Secure What You Can’t See
Application Context
API ACTIVITY: Edge API Calls, Internal API Calls, Sequence of API Calls
USER ACTIVITY: Identity, Devices, Roles & Permissions
DATA FLOW: Across Sequence of Calls, Between Internal Services, To External Services
CODE EXECUTION: API Parameters, Request/Response Data, Errors & Latency
Example call sequence for one user: rider / view locations → rider / reserve car → rider / process payment → rider / send receipt (spanning Edge APIs, Internal APIs and an External Service)
Observability is the core foundation of application security
Move Over Networks, CODE Is The Next Frontier Of Cyber Security
What the future holds…
▪ APIs will become the primary vector of attack.
▪ Even more adoption of APIs as the primary method of delivering value.
▪ Transformation journeys that integrate speed and innovation.
Top Three Approaches Needed for API Security
Observability is Key
▪ Capture and correlate all transactions and data for all APIs and microservices (internal, external, shadow, orphaned, 3rd party)
▪ Comprehensive breadth and depth of data captured for application security & observability
Data Lake and Threat Hunting
▪ Store every data trace from all API and data transactions
▪ All data is explorable, searchable, and filterable
▪ Enables deep root cause analysis and threat hunting
Machine Learning Platform for Context
▪ Build full application context
▪ Understand user behavior across all activity and time based on user attribution of every transaction.
▪ Correlate all activities across sessions and time into user storylines
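An added example in Python, not from the talk and not Traceable's product code, that takes the "sequence of API calls" idea from the observability slide and the "user storylines" bullet above and runs two detections over constructed access-log lines: a business-flow check for a payment call that follows no reservation in the same session, and a burst check on a password-reset endpoint of the kind the breach slide describes. The log format, the endpoint paths, the threshold and window, and the rule names are all assumptions.

```python
"""Added example (not from the talk, not Traceable's code): correlate
constructed API access-log lines into per-user storylines and run two
detections over them. Log format, paths, threshold, window and rule names
are assumptions chosen for this illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, not captured from any real system.
SAMPLE_LOG = """\
2022-03-01T10:00:01Z user=rider-17 session=s1 POST /v1/locations
2022-03-01T10:00:05Z user=rider-17 session=s1 POST /v1/cars/42/reserve
2022-03-01T10:00:09Z user=rider-17 session=s1 POST /v1/payments
2022-03-01T10:00:12Z user=rider-17 session=s1 POST /v1/receipts
2022-03-01T10:01:00Z user=rider-99 session=s2 POST /v1/locations
2022-03-01T10:01:03Z user=rider-99 session=s2 POST /v1/payments
2022-03-01T10:02:00Z user=acct-7 session=s3 POST /v1/password/reset
2022-03-01T10:02:02Z user=acct-7 session=s3 POST /v1/password/reset
2022-03-01T10:02:04Z user=acct-7 session=s3 POST /v1/password/reset
2022-03-01T10:02:06Z user=acct-7 session=s3 POST /v1/password/reset
2022-03-01T10:02:08Z user=acct-7 session=s3 POST /v1/password/reset
2022-03-01T10:05:00Z user=acct-8 session=s4 POST /v1/password/reset
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) session=(\S+) (\S+) (\S+)$")
RESET_BURST_LIMIT = 5               # assumed: 5 resets inside the window
RESET_WINDOW = timedelta(seconds=60)  # assumed window length


def normalize(path):
    """Collapse numeric path segments so /v1/cars/42/reserve and
    /v1/cars/7/reserve are treated as the same endpoint."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)


def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, user, session, method, path = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "session": session,
            "method": method, "endpoint": normalize(path),
        })
    return sorted(events, key=lambda e: e["ts"])


def build_storylines(events):
    """Group events by user, then by session, keeping time order: this is
    the per-user storyline the slide talks about."""
    stories = defaultdict(lambda: defaultdict(list))
    for e in events:
        stories[e["user"]][e["session"]].append(e)
    return stories


def detect(stories):
    findings = []
    for user, sessions in stories.items():
        reset_times = []
        for session, evs in sessions.items():
            reserved = False
            for e in evs:
                if e["endpoint"] == "/v1/cars/{id}/reserve":
                    reserved = True
                elif e["endpoint"] == "/v1/payments" and not reserved:
                    # Business-flow rule: payment with no prior reservation.
                    findings.append(("payment_without_reservation", user, session))
                elif e["endpoint"] == "/v1/password/reset":
                    reset_times.append((e["ts"], session))
        # Burst rule: sliding window over this user's reset calls across all
        # sessions; fires each time a window reaches the limit.
        reset_times.sort()
        for i, (ts, session) in enumerate(reset_times):
            in_window = [t for t, _ in reset_times[:i + 1] if ts - t < RESET_WINDOW]
            if len(in_window) == RESET_BURST_LIMIT:
                findings.append(("reset_burst", user, session))
    return sorted(findings)


def analyze(text):
    return detect(build_storylines(parse_log(text)))


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The point of attributing every event to a user before running rules is visible in the burst check: it counts resets per user across sessions, so splitting the calls over several sessions or client addresses does not reset the counter, which is the kind of gap a limiter keyed only on a single request attribute leaves open.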
Culture and Collaboration is Key
▪ Data transparency is the foundation of collaboration.
▪ API security has to be part of development culture.
▪ Continuous learning between API Development and Security teams.
Questions?
Jyoti Bansal
Co-Founder and CEO, Traceable
jyoti@traceable.ai
Thank you.
2022 APIsecure_Harnessing the Speed of Innovation

  • 1. Harnessing the Speed of Innovation
       Jyoti Bansal, Co-Founder and CEO, Traceable (jyoti@traceable.ai)
  • 2. Agenda
       ▪ Introduction
       ▪ The evolution of modern app development
       ▪ How to solve for complex API challenges
       ▪ Securing APIs in the new world
       ▪ What the future holds
  • 3. Software Code and APIs are Everywhere
       Chart on the slide: number of developers (25 million vs 45 million); number of APIs (< 1 million, < 10 million, 100 million, 1.2 billion) plotted over 2010, 2020 and 2030. 2.8 trillion lines of code have been written in the past 20 years.
  • 4. APIs Connect Everyone and Everything
       "IDC predicts by 2022, 90% of new enterprise applications worldwide will be developed as cloud-native, using agile methodologies and API-driven architectures that leverage microservices, containers, and serverless functions." (IDC FutureScape: Worldwide Cloud 2020 Predictions, Doc # US44640719, October 2019)
       Diagram: API at the centre, connected to Cloud Services, Healthcare, Mobile Services, Real Estate, E-commerce, Government, Education, Crypto, Financial Services, Insurance, Media/Entertainment and Hi-Tech.
  • 5. Growing API Security Crisis
       91% of organizations had an API security incident last year… (Security Magazine, Feb 2021)
       Impacts: data breaches & exfiltration; business fraud; sensitive data exposure; customer & employee privacy violations; regulatory fines; intellectual property theft.
  • 6. Business Fraud via API (APIs hijacked and modified)
       ▪ Missing logic validation check in a retail brokerage API endpoint: allowed the attacker to make unlimited cryptocurrency trades between different currency accounts. Attackers could initiate orders and trade cryptocurrency they did not have by modifying the API; the Coinbase validation logic did not verify the source account properly and processed the trade normally. (Learn more)
       ▪ Rate limiting protection failed to work as designed: a hacker could take over Apple iCloud accounts by exploiting the password reset API endpoint of the "Forgot Password" function. This allowed the attacker to bypass 2-factor authentication, SMS verification and password validation rate limits. (Learn more)
  • 7. API Attacks Are Hard to Detect
       ▪ Mostly unknown threats
       ▪ Malicious usage of APIs for unauthorized activities
       ▪ Exploit your own code and business logic
       Hard to detect and high signal to noise ratio. Countless attack surfaces.
  • 8. Business and Technical Challenge - Constant Change
       Ever-changing competitive landscape. Customer needs change frequently. Critical pivots: process, architecture, culture, engineering.
  • 9. Business and Technical Challenge - Agile Distributed Dev Teams
       Smaller, autonomous teams. Shift from tightly coupled, monolithic systems to loosely coupled APIs. Higher ratio of dev to security.
  • 10. Securing APIs in this new world…
  • 11. You Can't Secure What You Can't See
       Application context:
       ▪ API activity: edge API calls, internal API calls, sequence of API calls
       ▪ User activity: identity, devices, roles & permissions
       ▪ Data flow: across a sequence of calls, between internal services, to external services
       ▪ Code execution: API parameters, request/response data, errors & latency
       Example trace on the slide: rider / view locations → rider / reserve car → rider / process payment → rider / send receipt, spanning edge APIs, internal APIs and an external service.
       Observability is the core foundation of application security.
  • 12. Move Over Networks, CODE Is the Next Frontier of Cyber Security. What the future holds…
  • 13. What the future holds…
       ▪ Transformation journeys that integrate speed, innovation.
       ▪ APIs will become the primary vector of attack.
       ▪ Even more adoption of APIs as the primary method of delivering value.
  • 14. Top Three Approaches Needed for API Security
       Observability is key:
       ▪ Capture and correlate all transactions and data for all APIs and microservices (internal, external, shadow, orphaned, 3rd party)
       ▪ Comprehensive breadth and depth of data captured for application security & observability
       Data lake and threat hunting:
       ▪ Store every data trace from all API and data transactions
       ▪ All data is explorable, searchable, and filterable
       ▪ Enables deep root cause analysis and threat hunting
       Machine learning platform for context:
       ▪ Build full application context
       ▪ Understand user behavior across all activity and time, based on user attribution of every transaction
       ▪ Correlate all activities across sessions and time into user storylines
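Slides 6, 11 and 14 describe the idea at a high level: attribute every API transaction to a user, correlate the transactions into per-user storylines, and hunt for business-logic abuse (a step in the rider flow reached out of order) and for rate limiting that failed to work as designed. The following is an added example written for this transcript, not code from the talk or from Traceable; the log format, the endpoint names (`/view-locations`, `/reserve-car`, `/process-payment`, `/send-receipt`, `/forgot-password`), the sample records and the threshold of five reset calls per minute are all assumptions chosen for illustration.

```python
"""Correlate API transaction records into per-user storylines and run two
simple detections over them: an expected-sequence check on the rider flow
(view locations -> reserve car -> process payment -> send receipt) and a
rate-limit check on a password-reset endpoint.  Added example; log format,
endpoint names and thresholds are assumptions, not Traceable's."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample transactions (not real data).
# Fields: timestamp, user id, source IP, service, endpoint, HTTP status.
SAMPLE_TRANSACTIONS = [
    "2022-03-01T10:00:00Z u1 198.51.100.7 rider /view-locations 200",
    "2022-03-01T10:01:00Z u1 198.51.100.7 rider /reserve-car 200",
    "2022-03-01T10:02:00Z u1 198.51.100.7 rider /process-payment 200",
    "2022-03-01T10:03:00Z u1 198.51.100.7 rider /send-receipt 200",
    # u2 skips the reservation and goes straight to payment
    "2022-03-01T10:05:00Z u2 203.0.113.9 rider /view-locations 200",
    "2022-03-01T10:06:00Z u2 203.0.113.9 rider /process-payment 200",
    # u3 hits the password-reset endpoint seven times in 30 seconds, all 200
    *[f"2022-03-01T10:10:{s:02d}Z u3 192.0.2.5 account /forgot-password 200"
      for s in range(0, 35, 5)],
]

# Expected order of the rider flow shown on slide 11 (assumed endpoint names).
EXPECTED_ORDER = ["/view-locations", "/reserve-car", "/process-payment", "/send-receipt"]


def parse_transaction(line):
    """Split one space-separated record into a dict with a parsed timestamp."""
    ts, user, ip, service, endpoint, status = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user,
            "ip": ip, "service": service, "endpoint": endpoint, "status": int(status)}


def build_storylines(lines):
    """Group transactions by user (the 'user attribution' of slide 14) and
    order each user's activity by time."""
    stories = defaultdict(list)
    for rec in map(parse_transaction, lines):
        stories[rec["user"]].append(rec)
    for recs in stories.values():
        recs.sort(key=lambda r: r["ts"])
    return dict(stories)


def find_out_of_order_calls(storyline, expected=EXPECTED_ORDER):
    """Flag a flow step reached before every earlier step has been seen.
    Returns (timestamp, endpoint, missing_steps) tuples; the seen-set resets
    once the final step is reached so several rides per user are handled."""
    seen, findings = set(), []
    for rec in storyline:
        ep = rec["endpoint"]
        if ep not in expected:
            continue
        idx = expected.index(ep)
        missing = [s for s in expected[:idx] if s not in seen]
        if missing:
            findings.append((rec["ts"], ep, missing))
        seen.add(ep)
        if idx == len(expected) - 1:
            seen.clear()
    return findings


def find_rate_limit_failures(storyline, endpoint="/forgot-password",
                             limit=5, window=timedelta(minutes=1)):
    """Flag every successful call to `endpoint` that pushes the count of
    successful calls inside the sliding `window` above `limit`; a non-empty
    result means the endpoint's rate limit is not doing its job.
    Returns (timestamp, count_in_window) tuples."""
    hits = [r["ts"] for r in storyline
            if r["endpoint"] == endpoint and r["status"] < 400]
    findings, start = [], 0
    for end, ts in enumerate(hits):
        while ts - hits[start] > window:
            start += 1
        count = end - start + 1
        if count > limit:
            findings.append((ts, count))
    return findings


def run_detections(lines):
    """Return {user: {"sequence": [...], "rate_limit": [...]}} for users
    with at least one finding."""
    results = {}
    for user, story in build_storylines(lines).items():
        seq = find_out_of_order_calls(story)
        rl = find_rate_limit_failures(story)
        if seq or rl:
            results[user] = {"sequence": seq, "rate_limit": rl}
    return results


if __name__ == "__main__":
    for user, f in run_detections(SAMPLE_TRANSACTIONS).items():
        print(user, f)
```

On the constructed records the run reports u2 (payment processed with `/reserve-car` never seen) and u3 (six and then seven successful reset calls inside one minute), while u1's complete ride produces nothing. The point of building the storyline first is that both checks are expressed over a user's history rather than over isolated requests, which is what makes business-logic abuse visible at all.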
  • 15. Culture and Collaboration is Key
       ▪ Data transparency is the foundation of collaboration.
       ▪ API security has to be part of development culture.
       ▪ Continuous learning between API Development and Security teams.
  • 16. Questions? Jyoti Bansal, Co-Founder and CEO, Traceable (jyoti@traceable.ai)
  • 17. Thank you. Jyoti Bansal, Co-Founder and CEO, Traceable (jyoti@traceable.ai)