In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The common vector linking these breaches – APIs. The scale and magnitude of these breaches are the reason API security has been launched into the forefront of enterprise security concerns – now forcing us to rethink the way we approach API security as a whole.
OWASP Top 10 project has for a long time been the standard list of top vulnerabilities to look for and mitigate in the world of web applications.
APIs represent a significantly different set of threats, attack vectors, and security best practices. This caused the OWASP community to launch OWASP API Security project earlier this year.
In this session we’ll discuss:
· What makes API Security different from web application security
· The top 10 common API security vulnerabilities
· Examples and mitigation strategies for each of the risks
APIs accelerate agility, empower developers, and enable innovative business strategies. But how do you ensure the security of your API architecture as you expose your corporate data to mobile apps, developers, and partners? Does your API security framework enable DevOps agility and a scalable security model for IT?
Join Apigee’s Tim Mather and Subra Kumaraswamy as they discuss API security considerations for DevOps, CSOs, and security professionals. Learn about API security, threat protection, identity capabilities, infrastructure security, and compliance.
API Security: Securing Digital Channels and Mobile Apps Against Hacks - Akana
More and more enterprises today are doing business by opening up their data and applications through APIs. Though forward-thinking and strategic, exposing APIs also increases the surface area for potential attack by hackers. To benefit from APIs while staying secure, enterprises and security architects need to continue to develop a deep understanding about API security and how it differs from traditional web application security or mobile application security.
What are the biggest cyber threats facing financial and healthcare entities today and in the near future? How can organizations embrace innovation and agile development culture while balancing the time to market goals with risk management?
Jason Kobus, director, API Banking, Silicon Valley Bank, and Apigee's head of security, Subra Kumaraswamy, present how an effective API program combined with a secure API management platform can
- provide visibility for all security threats targeting their backend services
- control access to sensitive data - end-to-end
- enable developers to build secure apps with secure APIs
- facilitate secure access with partners and developers
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis... - CA API Management
By now you’ve bought into the idea of using APIs to integrate cloud, mobile devices and the enterprise. But are you building safe APIs? One insecure API can increase your organization’s risk profile exponentially. Securing APIs is not like securing the web—a point lost on many developers coming from a web-centric background. Learn what good practices to put in place and the common security anti-patterns you must avoid to ensure your company’s APIs are reliable, safe and secure. You will learn:
• The top ways hackers exploit APIs in the wild
• Common identity pitfalls and how to avoid them
• Why OAuth scopes are essential to master
• How to keep web developers from bringing bad habits with them
The cloud is rapidly becoming the de-facto standard for deploying enterprise applications. Microservices are at the core of building cloud-native applications due to their proven advantages such as granularity, cloud-native deployment, and scalability. With the exponential growth of the consumer base of these service offerings, enforcing microservice/API security has become one of the biggest challenges to overcome.
In this deck, we discuss:
- The need for API/Microservices Security
- The importance of delegating security enforcement to an API Gateway
- API Authentication and Authorization methodologies
- OAuth2 - The de-facto standard of API Authentication
- Protection against cyber attacks and anomalies
- Security aspects to consider when designing Single Page Applications (SPAs)
Watch the webinar on-demand here - https://wso2.com/library/webinars/2019/11/api-security-in-a-cloud-native-era/
If you ask about API security, you will most likely be told about OAuth2, maybe OpenID Connect and of course TLS.
But in order to properly secure APIs, you will have to address many other aspects. This presentation covers key concepts related to API Security, as well as practical tools/solutions to address the overall issue, such as:
- Transport and message encryption.
- Digital Signatures
- Auditing and non-repudiation
- SecDevOps and security as code
- Coding best practices and how to enforce them
- Infrastructure Best Practices
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay... - CA API Management
The adoption of Mobile and Cloud applications drives API traffic across domains. OAuth 2.0 is being implemented in complex enterprise environments where new authorization endpoints are combined with various existing identity components, in various configurations.
Handshakes are federated to help provide a single sign-on experience across applications and enhance adoption. Mediation between tokens at the edge of each domain helps extend existing data to new channels. Core grant types, extension grant types, custom schemes, standards, patterns and use cases – let us count the ways in which API access control is applied.
This presentation will examine the role of API management infrastructure in API Security, API Access Control and API Federation and its interaction with enterprise infrastructure, social identity and application developers.
The notion of API security & management in which enterprise architects, app developers and IT security experts work in harmony is great in theory. The reality, according to new research from Ovum, is much more scattered.
Watch Ovum IT Security Analyst Rik Turner as he dives into new primary research on how companies are really managing API security. Then watch the lively conversation as Rami Essaid, CEO of Distil Networks, explains why APIs are becoming such an increasingly attractive target for hackers. Lastly, Shane Ward, Senior Director of Technology at GuideStar, will share best practices and pitfalls to avoid when managing both free and paid access to your APIs.
Key takeaways will include:
- How to benchmark your organization's API security and internal processes against your peers
- Why CIO and/or CISO visibility into how API security is managed across the enterprise is so critical
- How to map your business requirements to your API security strategy
- A primer on API security controls, including geo/org fencing, token governance, dynamic access control lists and advanced rate limiting
- Why heavy "application services governance" software suites are the wrong approach
Learn more about Distil Networks API Security
http://www.distilnetworks.com/api-security/
Secure Enterprise APIs for Mobile, Cloud & Open Web
APIs present enterprises with many business opportunities but they also create new attack vectors that hackers can potentially exploit. APIs share many of the same threats that plague the Web but APIs are fundamentally different from Web sites and have an entirely unique risk profile that must be addressed.
By adopting a secure API architecture from the beginning, it is possible to address both old and new threats. In this webinar, Scott Morrison – CTO at Layer 7 Technologies – will explain in detail how an enterprise can pursue its API publishing strategy without compromising the security of its on-premise systems and data.
You Will Learn
How APIs increase the attack surface
What key types of risk are introduced by APIs
How enterprises can mitigate each of these risks
Why it is crucial to separate API implementation and security into distinct tiers
Presented By
Scott Morrison, CTO, Layer 7 Technologies
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual... - apidays
apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021
10 steps to secure your API
Pabitra Kumar Sahoo, Co-founder & CTO at Qualysec Technologies
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015 - Ajin Abraham
Samsung’s first Tizen-based devices are set to launch in the middle of 2015. This paper presents the research outcome on the security analysis of Tizen OS and its underlying security architecture. The paper begins with a quick introduction to Tizen architecture and explains the various components of Tizen OS. This will be followed by Tizen’s security model where application sandboxing and resource access control will be explained. Moving on, an overview of Tizen’s Content Security Framework which acts as an in-built malware detection API will be covered.
Various vulnerabilities in Tizen will be discussed including issues like Tizen WebKit2 address spoofing and content injection, Tizen WebKit CSP bypass and issues in Tizen’s memory protection (ASLR and DEP).
At the pace at which APIs are created, proper security requires automation. This presentation introduces top OWASP issues which are occurring today and a series of steps to better protect our APIs.
apidays LIVE London 2021 - API Security challenges and solutions by Wadii Tah... - apidays
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
API Security
API Security challenges and solutions
Wadii Tahri, CEO of DIGIXER
In this deck, I cover all the new exciting security features we have in both gateway and APIC.
We are excited about the new features, and how they can be used to help protect the customer's deployment environment.
Hacking Tizen: The OS of Everything - Nullcon Goa 2015 - Ajin Abraham
Tizen is an operating system which is built to run on various kinds of devices. Tizen OS defines the following profiles based on the device types supported.
Tizen IVI (in-vehicle infotainment)
Tizen Mobile
Tizen TV, and
Tizen Wearable
Samsung's first Tizen-based devices are set to be launched in India in Nov 2014. This paper presents the research outcome on the security analysis of Tizen OS. The paper begins with a quick introduction to Tizen architecture which explains the various components of Tizen OS. This will be followed by Tizen's security model, where Application Sandboxing and Resource Access Control powered by Smack will be explained.
The vulnerabilities in Tizen identified during the research and responsibly disclosed to Tizen community will be discussed. This includes issues like Tizen WebKit2 Address spoofing and content injection, Buffer Overflows, Issues in Memory Protection like ASLR and DEP, Injecting SSL Certificate into Trusted Zone, (Shellshock) CVE-2014-6271 etc. Applications in Tizen can be written in HTML5/JS/CSS or natively using C/C++. Overview of pentesting Tizen application will be presented along with some of the issues impacting the security of Tizen application. There will be comparisons made to Android application, and how these security issues differ with Tizen.
For example: security issues with inter-application communication with custom URL schemes or intent broadcasting in Android as opposed to using MessagePort API in Tizen. Issues with Webview & JavaScript Bridge in Android compared to how the web to native communication is handled with Tizen etc.
Tizen is late to enter into the market as compared to Android or iOS, which gives it the benefit of learning from the mistakes impacting the security of mobile OS, and fixing these issues right in the Security Architecture. To conclude, a verdict would be provided by the speaker on how much Tizen has achieved with regard to making this mobile OS a secure one.
Threat protection and application access controls are key security mechanisms that protect APIs when exposed to internal or external users and developers.
In this technical deep-dive webcast, Apigee's security team, led by Subra Kumaraswamy, will discuss API threats and the protection mechanisms that every API and app developer must implement for safe and secure API management.
This webcast will cover:
- the API threat model
- how to design and implement appropriate guardrails for API security using built-in policies and configuration
- a demo of Apigee Edge threat protection features, including TLS encryption, XML/JSON/SQL injection attacks, and rate limiting
Whether you're an IT security architect or an API or app developer, this webcast will help you understand secure API management.
Download Podcast: http://bit.ly/1biiJQS
Watch Video: http://youtu.be/ffs35w1RYRI
We already showed you how to build a Beautiful REST+JSON API (http://www.slideshare.net/stormpath/rest-jsonapis), but how do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and figuring out what works. Here’s our playbook on how to secure a REST API.
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca... - CA API Management
At some point, we all need to design and implement APIs for the Web. What makes Web APIs different than typical component APIs? How can you leverage the power of the Internet when creating your Web API? What characteristics do many "great" Web APIs share? Is there a consistent process you can use to make sure you design a Web API that best fits your needs both now and in the future?
In this session Mike Amundsen describes a clear methodology for designing Web APIs (based on the book "RESTful Web APIs" by Richardson and Amundsen) that allows you to map key aspects of your business into a usable, scalable, and flexible interface that will reach your goals while creating a compelling API for both server and client developers. Whether you are looking to implement a private, partner, or public API, these principles will help you focus on the right metrics and design goals to create a successful API.
Extend your legacy SOA/ESB infrastructure to Mobile & IoT
This webinar recording provides a use-case driven discussion around appropriate use of existing middleware infrastructure as well as its shortcomings. It dives deep into how APIs can not only complement an ESB or SOA infrastructure but also fill existing gaps.
Watch this webinar recording to learn about:
- Strengths and weaknesses of your existing ESB/SOA infrastructure
- Architecture strategy: extend and add value to legacy middleware with APIs
- Integration / API use cases in Retail, Manufacturing and Telecom
- The API360 approach to digital strategy
Secure and Govern Integration between the Enterprise & the Cloud - CA API Management
Secure, govern and mediate integrations between enterprise applications and Cloud services
Overview
For Best Buy, the public Cloud provides a strategic way to dynamically scale consumer and partner-facing Web and API assets. The Cloud lets Best Buy accommodate peaks in demand without overbuilding, while isolating sensitive data from the public.
Best Buy also needs a consistent way to control what information is shared with applications in the Cloud, while simultaneously insulating development teams from the vagaries of security, management and mediation challenges that arise when implementing a hybrid Cloud solution.
This Webinar, presented by Best Buy, Amazon Web Services and Layer 7 Technologies, looks at a specific example of the Best Buy API Developer Portal and shares best practices for security, governance and mediation of enterprise services with applications in the Cloud.
Designing & Implementing Hypermedia APIs – Mike Amundsen, Principal API Archi... - CA API Management
Principal API Architect Mike Amundsen presented this talk at QCon New York 2013.
Hypermedia APIs are getting some buzz. But what are they, really? What is the difference between common URI-based CRUD API designs and hypermedia-style APIs? How do you implement a hypermedia API and when does it make sense to use a hypermedia design instead of a CRUD-based approach? Based on Mike Amundsen's multi-part InfoQ article series of the same name, this fast-paced, hands-on four-hour workshop shows attendees how to design a hypermedia-style API, how to implement a server that supports varying hypermedia responses, and how to build clients that can take advantage of hypermedia. Additional time will be spent exploring when clients break and how reliance on hypermedia can reduce the need for re-coding and re-deploying client applications while still supporting new features in the API. Hands-on labs include authoring a hypermedia format for your API, designing server-side components that can emit hypermedia responses, and deciding on which client-side style of hypermedia fits best for your needs. A final challenge will be to update the server-side responses with new features that do not break existing hypermedia clients.
The API pattern was created in the 1970's when 'distributed architectures' didn't even exist and was established mainly for 'centralized architectures' as it bound the communication data/logic to the business logic.
In a modern world, we have moved to distributed architectures where we now have to share the I/O... but that communication logic still remains bound in the application due to an old API pattern. This makes it so that the IO data and functionality related to a request/response cannot be shared with our edge services without duplication/entanglement. This in turn means the data/functionality in our services then cannot be synchronized.
This leads to dropped threads, poor security, bad data, bad user experience, broken application, etc.
This can ALL be fixed and improved and even lead to better speed, scalability and automation through a new API Pattern.
One obvious side effect of migrating to a microservices architecture is the need for infrastructure automation. Unfortunately, most automation systems do not take security into consideration, making production deployments orders of magnitude more complex than the initial testbed deployment.
The perfect example of this steep increase in deployment difficulty is the creation and management of Public-Key-Infrastructures (PKI). Even though the use of TLS Certificates for service to service communication is known as a best-practice, very few companies actually deploy their systems using mutually-authenticated TLS connections.
In this talk I will go over why TLS is the right solution for service to service communication, describe ways to automate the creation and management of your PKI, and present in detail how Docker's swarm orchestration system bootstraps and manages individual node certificates.
We need to create more reusable APIs, fewer "snowflakes" and better machine-readable APIs and descriptions. To this end, Mike Amundsen, Principal API Architect offers his "Top Ten things we need to STOP doing."
RESTful Web APIs – Mike Amundsen, Principal API Architect, Layer 7 | CA API Management
Based on the upcoming O'Reilly book "RESTful Web APIs" by Leonard Richardson and Mike Amundsen, this 1/2 day workshop covers the basics of Fielding's REST style, HTTP standards, and common practices for APIs for the Web. Key topics such as how to use hypermedia to increase API flexibility and how application profiles can improve API interoperability are also covered. In addition, a wide range of existing message formats and semantic vocabularies are reviewed along with a procedure for selecting and applying these existing standards to your own implementations. Other subjects will be covered such as caching, versioning, and supporting RESTful APIs on protocols other than HTTP. Throughout the workshop, attendees will be able to apply step-by-step guidance on how to create their own RESTful Web API and share these designs with the group at the end of the session.
How to Build a Successful API Program: Best Practices For the Carrier | CA API Management
More and more carriers are looking to API publishing as a way of offering new services to developers building mobile apps and cloud services. But launching an API publishing program inevitably raises questions about:
• How to maintain security when exposing internal systems and processes to external developers
• How to manage developers, weeding out the bad and rewarding the good
• How carriers can monetize their APIs
• How existing IT investments can be leveraged to maximize performance and ROI
• How building community among developers can drive revenue and minimize operating costs
This talk will give carriers the critical guidance they need to build a successful API strategy.
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise | CA API Management
Take a fresh approach to IT security and management, designed specifically for mobile
Overview
Twenty years ago, laptops revolutionized how the enterprise conducted business. But with the laptop came a host of new security and manageability challenges that we are arguably still trying to work out. Now, mobile computing promises to be exponentially more disruptive.
It is a mistake to think you can apply yesterday’s laptop thinking to today’s mobile devices and still maintain a secure infrastructure. Mobile devices are radically different from laptops and they are evolving at a completely different pace, so they demand a fresh approach.
Cross Platform Mobile Apps with APIs from Qcon San Francisco | CA API Management
Building cloud and API driven mobile apps introduces numerous complexities around syncing, caching, and securing data. In this presentation Alex Gaber explored numerous tools and frameworks including best practices around building HTML5 cross-platform hybrid native applications.
This presentation explains how to expose APIs in a controlled, secure manner. To control and secure APIs in this way requires an API management system able to address versioning and meter consumption without burdening either third-party developers or application consumers.
Opening SaaS applications and cloud services to outside developers is becoming critical to achieve cloud-enterprise integrations, information sharing across affiliate Web sites and enabling mobile / tablet access to data. Controlling how APIs get securely exposed to different consumers requires a simple, scalable way to manage API security, address versioning and meter consumption without burdening either application developers or application consumers.
Join eBay's Chief Security Strategist Liam Lynch and Layer 7's CTO Scott Morrison for this informative presentation.
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture | apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
API Security & AI
Deb Roy, Senior Manager API Practice at Accenture
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M... | apidays
apidays Australia 2023 - Platforms, Products, and People: The Power of APIs
October 11 & 12, 2023
https://www.apidays.global/australia/
API Security Breach Analysis & Empowering Devs to Make Secure APIs
Jeremy Snyder, Founder and CEO of FireTail
5 Ways to Get Top Mobile App Developer Talent for Your Open APIs | CA API Management
Opening APIs to developers outside the enterprise can enable the creation of apps that add value to existing information assets in innovative and often unexpected ways – without the need for direct investment in app development. However, this will only happen if the enterprise can grow an ecosystem of talented developers creating cutting-edge apps that give consumers something of real value.
This webinar hosted by Layer 7 Technologies featuring Alex Donn, Head of Hackathons at AT&T, will examine five key ways that you can attract and nurture top third-party developer talent for your APIs.
ROI for APIs: Using Hackathons to Evaluate Your API Program | CA API Management
Use hackathons to gather data on the value of your API publishing program
APIs are quickly becoming brands of their own and requiring product management strategies and marketing campaigns to be built around them to ensure they are effective. Hackathons provide a great way to grow developer awareness of APIs and attract the attention of thought leaders and influencers. But how do you demonstrate quantifiable ROI?
Join this webinar with AT&T's Developer Evangelist, Alex Donn, TechCrunch's Hackathon Events Manager Leslie Hitchcock and Layer 7's API Evangelist, Alex Gaber to learn how you can get feedback and data from hackathons that will help you prove the value of your API program.
You Will Learn
Which ROI metrics business managers want to see
What types of product research and testing you can conduct at a hackathon
How to collect feedback and data at the event
Presented by:
Leslie Hitchcock
Hackathon Events Manager
TechCrunch
Alex Donn
Developer Evangelist
AT&T
Alex Gaber
API Evangelist
Layer 7
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
Shift Left API Security- The right Way
Sanjay Nagaraj, CTO and Co-Founder at Traceable
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch... | APIsecure_ Official
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
From Shift Left to Full Circle - A Pragmatic Approach to Catching Up and Keeping Up With API Security
Chuck Herrin, CTO at WIB
apidays LIVE London 2021 - Application to API Security, drivers to the Shift ... | apidays
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
API Architecture and Security
Application to API Security, drivers to the Shift
Doron Chema, CEO & Co-Founder at L7 Defense LTD.
In this presentation, Mike Amundsen, Francois Lascelles and Devon Winkworth of Layer 7 Technologies provide information on:
The latest trends in the API economy and best practices and tips for securely exposing enterprise APIs
Key issues around API Management, including access control, data security/privacy, developer management and API performance management
These slides are from our "Master Digital Channels with APIs" webinar on April 28, 2015.
The webinar provides practical guidance for any Chief Digital Officer or Chief Marketing Officer who is pushing for digital transformation within their business.
Learn more about APIs at ca.com/api
Examining today's biggest API breaches to mitigate API security vulnerabilities
Data breaches have become the top news story. And APIs are quickly becoming the hacker's new favorite attack vector. They offer a direct path to critical information and business services that can be easily stolen or disrupted. And your private APIs can be exploited just as easily as a public API. So what measures can you take to strengthen your security position?
This webinar explores recent API data breaches, the top API security vulnerabilities that are most impactful to today's enterprise and the protective measures that need to be taken to mitigate API and business exposure.
You Will Learn
-Recent breaches in the news involving APIs
-Top attacks that compromise your business
-Mitigating steps to protect your business from attacks and unauthorized access
-API Management solutions that both enable and protect your business
Learn about API Security at http://www.ca.com/api
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director... | CA API Management
Liberating the API Economy with Scale-Free Networks
The Web exhibits a feature found in many complex systems known as "Scale-Free" or "Power-Law" networks, sometimes called the "long tail." Most people think of the "long tail" as an economic and/or social property. However, it also represents physical and informational properties fundamental to the way the Web works. But the steady increase in major service outages indicates that many current Web APIs, services, and even client applications ignore this basic "law of the Web."
This talk explores the "Scale-Free" rule of complex systems and offers clear and simple advice to those planning to build and/or consume APIs for the Web: what to avoid, what to plan for, what to build, and how to identify and steer clear of clients and services that fail to abide by the rules and, in the process, are making it harder for all of us to liberate the API Economy.
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente... | CA API Management
APIs are everywhere: powering mobile apps, enabling cloud computing, connecting people through social networks and helping to create the Internet of Things. Organizations of every kind are evaluating how they can leverage APIs and replicate the success of companies like Amazon, Google and Salesforce.
Join this webinar to learn about the #API360 model for enterprise API success. This model covers the full spectrum of considerations for companies looking to succeed with APIs for the long haul. You will also hear more about the upcoming #API360 Summit that will take place in Dallas on February 26.
You Will Learn
• How leading Web companies have used APIs to boost revenues and market share
• How to create an enterprise API strategy that will yield real business results
• How to institutionalize best practices that will allow your APIs to evolve and grow
Securely Open data as APIs to internal groups and third parties to generate revenue
In today's application economy, organizations are leveraging APIs to create new revenue streams. To monetize its information, the enterprise needs a way to transform data into APIs, enforce SLAs and implement a standardized fulfillment process with flexible and integrated billing systems.
This webinar will explore how enterprises can overcome these monetization challenges, using an API management solution that securely opens data to internal groups and third parties as APIs, in order to generate revenue.
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur... | CA API Management
The Information Age, 100 years on
The rise of the computer and the digital revolution is responsible for an explosion of devices, data, and connectedness. These are all enabling what is called the dawning of the Information Age. And software designers, developers, and architects all share an important responsibility for shaping and guiding the world’s progress through this axial age into the future.
However, more than 100 years ago, the work of organizing the world’s information into a single all-encompassing taxonomy had already begun. Partially influenced by the positivist doctrine of Auguste Comte, leading thinkers of the early 20th century such as the librarian Paul Otlet in Belgium, museum curator Patrick Geddes in Scotland, and educator Melvil Dewey in the US were each working to design universal classification systems that would encompass and coordinate the explosion of information appearing in libraries, museums, newspapers, magazines, and eventually even radio, movies, and television.
What did we learn in the last century? What have we forgotten? How does their work affect our current trajectory in transforming the work of software and systems design and development? What can we take from Dewey, Otlet, and Geddes with us into the next 100 years of the Information Age?
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ... | CA API Management
Identity on the Internet is changing. Social networking has kicked off a massive change in how we integrate identity across applications. This is much more than a simple redesign of security tokens and protocols; instead it is a radical redistribution of power and control over entitlements, shifting it away from the centralized control of a cabal of directory engineers and out to the users themselves.
There are compelling reasons for this shift: it enables scaling of identity administration, and it promotes rapid and agile integration of applications. These are goals shared by the enterprise, but this change has significant implications on infrastructure, people and process. Join us to learn how you can bring modern identity management into the enterprise.
Moving beyond conventional single sign-on to seamless cross-device access with APIs
People are carrying more devices every day – with the average being 2.9 per person. Meanwhile, multitasking has gone into overdrive, as users quickly move from laptop to phone to tablet, expecting a seamless experience when accessing their favorite apps. And this expectation is not just limited to leisure and personal use – it extends to business applications.
Security has broken this seamless workflow and inhibited the mobile “stickiness” businesses are striving to achieve. This webinar with Scott Morrison and Leif Bildoy of CA Technologies will demonstrate how the right combination of identity functionality and secure APIs can help your organization to overcome these challenges and enable the multi-device universe.
You Will Learn
• What challenges must be overcome when supporting multiple mobile app types
• How SSO is evolving past mobile app access to device access
• Why the right implementation of identity and APIs will create consumer stickiness
• How the Internet of Things (IoT) is creating new business opportunities
Adapting to Digital Change: Use APIs to Delight Customers & Win | CA API Management
Learn about innovative approaches to differentiating, extending reach and establishing trust in financial service.
Web and mobile technologies have changed the way we bank, spend money and manage our finances. Using APIs to expose backend systems is central to how financial services organizations are using these digital channels to maximize customer engagement and extend reach into new markets.
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan... | CA API Management
Today’s enterprise mobility solutions emphasize heavy-handed IT governance of devices and applications that impose a burden on developers and/or users. However, managing data and applications using high performance mobile-optimized infrastructure can enable secure, scalable apps while minimizing the effort required by developers and allowing them to focus on their strengths. Come learn how to facilitate the best of both worlds – multi-layer mobile security using modern standards and a fantastic user experience.
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely... | CA API Management
The Internet of Things (IoT) promises to improve our productivity and day-to-day lives by connecting a vast range of devices – from cell phones, to cars, to domestic appliances and even to drones. APIs represent the key technology that will make it possible to integrate and leverage information from all these “things”.
There are obvious security and privacy concerns associated with using APIs to expose data and functionality from one device to many others. So, how can we make sure hackers cannot exploit the unprecedented connectivity created by IoT? This webinar will explore key IoT use cases and explain how to address the API security requirements for these use cases.
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla... | CA API Management
The VIP networking lunch will feature a presentation by Keith Junius, Solution Architect, from Veda on ‘Implementing an API Management Platform’. Attendees will hear about how Veda has modernized their B2B API platform by deploying SOA Gateways. Join Layer 7 at this lunch to learn about:
• Design considerations for API management platforms
• Technical and business challenges faced across the whole system lifecycle
• The soft skills required to achieve a successful outcome
• Lessons learned during and after the project
• Benefits realized by the new platform
Using APIs to Create an Omni-Channel Retail Experience | CA API Management
Today, tech-savvy consumers are always connected, using their mobile devices to compare prices, read user-generated reviews and pay for products - and many leading e-tailers already connect their customers to this information. The any time, any place connectivity enabled by mobile devices empowers all retailers to offer the kinds of enhanced shopping experiences modern consumers are becoming accustomed to.
To truly satisfy the needs of these well-informed, mobile consumers, retail organizations will need ways to create unified shopping experiences across all channels – from brick-and-mortar stores to the Web to mobile. Increasingly, offering a compelling mobile experience will become the cornerstone upon which these omni-channel shopping experiences are built.
In this webinar, you will learn how APIs can:
• Help deliver a consistent retail experience across multiple channels
• Connect retailers with social data
• Extend legacy systems to mobile apps
• Enable organizations to make real-time use of contextual data and buying patterns
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ... | CA API Management
Cars are already full of sensors and producing gigabytes of data, but they are not connected yet. Connecting them can represent a tremendous opportunity for several industries (insurance companies, repairs, traffic optimization...) but it certainly comes with a lot of challenges. Security and Privacy are the biggest challenges this market has to overcome, especially because it has been completely out of scope for this industry so far.
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014 | CA API Management
As HTTP-based APIs become more common and more standardized, mindshare and momentum are shifting from a service-oriented model to the "client-side" of the application space. It is the client application that users fall in love with and it is the client application developer that holds the keys to this relationship.
Client developers pick APIs based not just on ease of use and helpful documentation. Often they are selecting APIs that make their applications "look good" and APIs that can be easily "mashed up" with other service offerings into new "applications" - ones that don't rely on just one service API.
This talk reviews patterns in developer practices and trends in services and libraries -- from the increase in the number of client-side libraries such as EmberJS, Angular, and Bootstrap to the appearance of new "API composition" platforms such as Strong Loop -- that give us a picture of why it's important to identify and leverage the growing sentiment that "Clients Matter, Services Don't."
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec... | CA API Management
Whether it be infotainment, companion or ecommerce apps, they all have one thing in common - APIs. APIs are enabling the development of new apps both inside and outside the vehicle. But the "always on" connectivity comes with increased risk to both the user and data.
Explore common app initiatives fueling the connected car industry
Understand the intersection of connected car apps, identities and agile API platforms
Learn how to apply the right security and UX balance that drives connected car app adoption
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf | Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
State of ICS and IoT Cyber Threat Landscape Report 2024 preview | Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf | 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster_ a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... | BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The new frontiers of AI in RPA with UiPath Autopilot™ | UiPathCommunity
In this free online event, organized by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the processes of developing and using Automations.
📕 Together we will look at some examples of using Autopilot in different tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
UiPath Test Automation using UiPath Test Suite series, part 4 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Elevating Tactical DDD Patterns Through Object Calisthenics | Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... | UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 3 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge Graph | Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Key Trends Shaping the Future of Infrastructure.pdf | Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
3. 2007: 3.6 divorces per 1000 people
2008: 3.5 divorces per 1000 people
2009: 3.4 divorces per 1000 people
So, does this mean people are getting better at relationships?
Source: Slate http://slate.me/wGf9et
40. The New Governance
                     Old             New
Documentation        WSDL            Wiki/Blog
Discovery            Reg/Rep         Search
Approval             G10 Platform    Email
Enforcement          Gateway         Gateway
User Provisioning    IAM             Portal
Community            What’s that?    Forum
41. The Layer 7 API Developer Portal
[Diagram labels: API Client, Firewall, iPhone, API Developer, Proxy, API Server, API Portal, Enterprise Network]
42. To Summarize:
The game has changed
Clients need attention
The security problems are the same
But the names have changed
Don’t just build APIs
Build secure and managed APIs
43. Don’t Miss @RSA Conference 2012
ASEC-402: Hacking’s Gilded Age: How APIs Will Increase IT Risk
K. Scott Morrison
Friday, March 02 10:10 a.m.
Room 302
STAR-402: Enterprise Access Control Patterns for REST and Web API
Francois Lascelles
Friday, March 02 10:10 a.m.
Room 304
Yes, they are at the same time. You must choose…
44. Picture Credits
Antelope Canyon 4 by klsmith – stock.exchg
Band silhouettes by mr_basmt – stock.exchg
45. For further information:
K. Scott Morrison
Chief Technology Officer & Chief Architect
Layer 7 Technologies
1100 Melville St, Suite 405
Vancouver, B.C. V6E 4A6
Canada
(800) 681-9377
smorrison@layer7tech.com
http://www.layer7tech.com
February 2012
Editor's Notes
Everyone here needs to choose. Ignore the middle ground. Are you fearful? Or are you confident?