API Security with Postman and Qualys
Security Solution Architect, Application Security
Qualys, Inc.
APIs Are Everywhere

Internet-facing APIs
- Highly exposed
- Greater likelihood of attack
- Constantly being probed

Internal APIs
- Custom / domain-specific
- For employees or contractors
- Often built without security considered

Vendor APIs
- Unknown risk posture
- No access to source code
- Often process critical data

APIs in public clouds
- Cloud provider not responsible for security of your apps and APIs
OWASP API Security Top 10
https://owasp.org/www-project-api-security/

- API1 Broken Object Level Authorization
- API2 Broken User Authentication
- API3 Excessive Data Exposure
- API4 Lack of Resources & Rate Limiting
- API5 Broken Function Level Authorization
- API6 Mass Assignment
- API7 Security Misconfiguration
- API8 Injection
- API9 Improper Assets Management
- API10 Insufficient Logging & Monitoring
OWASP API Security Top 10 - Highlights
- API1 Broken Object Level Authorization
- API2 Broken User Authentication
- API5 Broken Function Level Authorization
API1 Broken Object Level Authorization (BOLA)

API5 Broken Function Level Authorization

API2 Broken User Authentication
SolarWinds CVE-2020-10148
- Administration bypass
- Lack of authentication
- Request processed before authentication is verified
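The three highlighted categories (API1, API2 and API5) come down to the order in which a request handler asks its questions: who is the caller, may that caller touch this particular object, and may that caller invoke this particular function. The SolarWinds case above is the failure of the first question being asked too late. The following Node.js example is added here and is not part of the deck or of any Qualys or Postman code; the token table, user roles, order records and the /orders/:id and /admin/users routes are constructed for illustration.

```javascript
// Added example (not from the original deck): a minimal in-memory API
// dispatcher that applies the three checks in the right order. TOKENS,
// USERS, ORDERS, handle() and the two routes are hypothetical.

// Constructed sample data: bearer tokens, users with roles, orders with owners.
const TOKENS = { "tok-alice": "alice", "tok-bob": "bob", "tok-root": "admin" };
const USERS = {
  alice: { role: "user" },
  bob: { role: "user" },
  admin: { role: "admin" },
};
const ORDERS = {
  "1001": { owner: "alice", total: 42 },
  "1002": { owner: "bob", total: 7 },
};

// API2: resolve the caller BEFORE any route logic runs. A null result means
// the request is rejected with 401 and never reaches a handler.
function authenticate(headers) {
  const auth = headers.authorization || "";
  if (!auth.startsWith("Bearer ")) return null;
  const user = TOKENS[auth.slice("Bearer ".length)];
  return user ? { name: user, role: USERS[user].role } : null;
}

// API1: object-level authorization is a property of the object being
// requested (its owner), not of the route or of the caller being logged in.
function canReadOrder(caller, order) {
  return caller.role === "admin" || order.owner === caller.name;
}

// API5: function-level authorization for privileged operations.
function canListUsers(caller) {
  return caller.role === "admin";
}

// Dispatcher: every path goes through authenticate() first; only then does
// the route handler look at the object or the function being invoked.
function handle(req) {
  const caller = authenticate(req.headers || {});
  if (!caller) return { status: 401, body: { error: "authentication required" } };

  let m;
  if (req.method === "GET" && (m = /^\/orders\/(\d+)$/.exec(req.path))) {
    const order = ORDERS[m[1]];
    // Same response for "missing" and "not yours", so a 403/404 difference
    // cannot be used to confirm that another user's order ID exists.
    if (!order || !canReadOrder(caller, order)) {
      return { status: 404, body: { error: "not found" } };
    }
    return { status: 200, body: order };
  }
  if (req.method === "GET" && req.path === "/admin/users") {
    if (!canListUsers(caller)) return { status: 403, body: { error: "forbidden" } };
    return { status: 200, body: Object.keys(USERS) };
  }
  return { status: 404, body: { error: "not found" } };
}

// Stand-alone run: alice reads her own order, then tries bob's, then the admin route.
console.log(handle({ method: "GET", path: "/orders/1001", headers: { authorization: "Bearer tok-alice" } }));
console.log(handle({ method: "GET", path: "/orders/1002", headers: { authorization: "Bearer tok-alice" } }));
console.log(handle({ method: "GET", path: "/admin/users", headers: { authorization: "Bearer tok-alice" } }));
```

The useful property to test for in a scan or a Postman collection is exactly what handle() encodes: the unauthenticated request gets 401 on every route, a valid user token gets 404 on another user's object, and a non-admin token gets 403 on the admin function.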
API6 Mass Assignment
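Mass assignment happens when a handler binds the whole request body onto a stored record, so any field the model has becomes client-writable. The example below is added here and is not from the deck; the user record shape, the CLIENT_WRITABLE allowlist and the updateProfileUnsafe/updateProfileSafe names are constructed for illustration.

```javascript
// Added example (not from the original deck): API6 Mass Assignment.
// The record shape, the allowlist and the function names are hypothetical.

// Constructed sample record as the server stores it.
function freshUser() {
  return { id: 7, email: "alice@example.test", displayName: "Alice", isAdmin: false, balance: 0 };
}

// Vulnerable: every key in the request body is copied onto the model,
// so privileged fields the UI never exposes are still writable.
function updateProfileUnsafe(user, body) {
  return Object.assign({}, user, body);
}

// Hardened: only explicitly allowlisted fields are copied, each with a type
// check. Because the loop iterates over the allowlist and not over the body,
// unexpected keys (including "__proto__" or "constructor") are never read.
const CLIENT_WRITABLE = { displayName: "string", email: "string" };

function updateProfileSafe(user, body) {
  const next = { ...user };
  for (const [field, type] of Object.entries(CLIENT_WRITABLE)) {
    if (Object.prototype.hasOwnProperty.call(body, field) && typeof body[field] === type) {
      next[field] = body[field];
    }
  }
  return next;
}

// Constructed request body: a legitimate rename plus fields the client
// should never control.
const SAMPLE_BODY = { displayName: "Alice B.", isAdmin: true, balance: 1000000, id: 1 };

function massAssignmentDemo() {
  return {
    unsafe: updateProfileUnsafe(freshUser(), SAMPLE_BODY),
    safe: updateProfileSafe(freshUser(), SAMPLE_BODY),
  };
}

console.log(massAssignmentDemo());
```

When scanning, the detection signal is the same one the test below checks: send a known field that should be server-controlled, then read the object back and see whether it changed.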
Note on API8 Injection
- Frequently, practitioners feel that XSS attacks are not valid for APIs due to JSON responses
- If JSON is written into an application with a UI, the attack may execute
- Microservices: be aware of all areas where the responses are used
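The point of the note is that the JSON layer is not where the script executes; the consumer that writes a JSON field into HTML is. The example below is added here and is not from the deck; the API response, the comment shape and the renderCommentsUnsafe/renderCommentsSafe names are constructed for illustration.

```javascript
// Added example (not from the original deck): the API8 note in code. The
// response, the comment shape and the render function names are hypothetical.

// Constructed API response: one comment whose author field carries markup.
// As JSON this is harmless; nothing in JSON.parse() executes it.
const API_RESPONSE = JSON.stringify({
  comments: [
    { author: "alice", text: "Looks good" },
    { author: "<script>alert('xss')</script>", text: "hi" },
  ],
});

function parseComments(json) {
  return JSON.parse(json).comments;
}

// Vulnerable UI rendering: API-sourced strings interpolated straight into HTML
// (innerHTML, a non-escaping template, a server-side string concatenation).
function renderCommentsUnsafe(comments) {
  return comments.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join("");
}

// Hardened: every API-sourced value is HTML-escaped before it reaches markup.
// In a browser, assigning textContent or using an auto-escaping template
// engine gives the same result.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[ch]);
}

function renderCommentsSafe(comments) {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("");
}

// Cheap check a reviewer can run over rendered output: any tag that the
// template itself does not emit (<li>, <b>) means escaping was skipped.
function containsForeignTag(html) {
  return /<(?!\/?(li|b)\b)[a-z]/i.test(html);
}

function renderDemo() {
  const comments = parseComments(API_RESPONSE);
  const unsafe = renderCommentsUnsafe(comments);
  const safe = renderCommentsSafe(comments);
  return {
    unsafe,
    safe,
    unsafeLeaks: containsForeignTag(unsafe),
    safeLeaks: containsForeignTag(safe),
  };
}

console.log(renderDemo());
```

For microservices the same rule applies per consumer: a response that is only ever read by another service is still unsafe the moment a dashboard, an e-mail template or a support tool starts rendering it.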
Qualys Web Application Scanning
Qualys WAS Highlights

Low TCO
- Unlimited scans
- Unlimited users
- Cloud based
- Not a point solution
- Massive scalability
- Flexible licensing

Scanning Flexibility
- Scheduled scans
- Ad-hoc, targeted scans
- Multi-site scanning
- Scanner pooling
- API scanning
- Out-of-Band detections

Integrations
- Comprehensive API
- Splunk TA
- Integrations with:
  - Qualys WAF
  - CI/CD tools
  - Burp Suite
  - Bugcrowd

Features
- RBAC
- Tagging
- Detection history
- Scheduled reports
- Customizable reports
- Retest findings
- Ignore findings
Postman Support

API Security - Coming Soon

Demo

Wrap-up
- Qualys can utilize existing Postman collections
- Quickly scan APIs for vulnerabilities
- API Security is important
- The OWASP API Security Top 10 is an excellent resource
Thank You!
earnold@qualys.com
Security Solution Architect, Application Security
Qualys, Inc.

 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 

API Security with Postman and Qualys

  • 1. API Security with Postman and Qualys
    Security Solution Architect, Application Security, Qualys, Inc.
  • 2. APIs Are Everywhere
    Internet-facing APIs: highly exposed; greater likelihood of attack; constantly being probed
    Internal APIs: custom / domain-specific; for employees or contractors; often built without security considered
    Vendor APIs: unknown risk posture; no access to source code; often process critical data
    APIs in public clouds: the cloud provider is not responsible for the security of your apps and APIs
  • 3. OWASP API Security Top 10 (2019 list, https://owasp.org/www-project-api-security/)
    API1 Broken Object Level Authorization
    API2 Broken User Authentication
    API3 Excessive Data Exposure
    API4 Lack of Resources & Rate Limiting
    API5 Broken Function Level Authorization
    API6 Mass Assignment
    API7 Security Misconfiguration
    API8 Injection
    API9 Improper Assets Management
    API10 Insufficient Logging & Monitoring
  • 4. OWASP API Security Top 10 - Highlights
    API1 Broken Object Level Authorization
    API2 Broken User Authentication
    API5 Broken Function Level Authorization
  • 5. API1 Broken Object Level Authorization (BOLA)
  • 6. API5 Broken Function Level Authorization
  • 7. API2 Broken User Authentication
    Example: SolarWinds CVE-2020-10148, an administration bypass caused by a lack of authentication: the request is processed before authentication is verified.
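Slides 5 to 7 name the three highlighted classes (BOLA, BFLA and an authentication check that runs too late) without showing what they look like in code. The block below is an added example, not code from the deck, from SolarWinds or from Qualys: a small in-memory request pipeline in JavaScript that reproduces all three, next to the fixed versions. The tokens, users, orders and routes are constructed for the example, and the ordered list of steps stands in for the middleware order of an Express-style framework, where registering routes before the authentication middleware produces exactly the "processed before authentication is verified" pattern the slide describes.

```javascript
'use strict';

// Constructed principals and data (invented for this example).
const TOKENS = {
  'alice-token': { id: 1, role: 'user' },
  'bob-token': { id: 2, role: 'user' },
  'admin-token': { id: 9, role: 'admin' },
};
function freshState() {
  return {
    users: { 1: { id: 1, name: 'alice' }, 2: { id: 2, name: 'bob' }, 9: { id: 9, name: 'root' } },
    orders: { 101: { id: 101, owner: 1, item: 'laptop' }, 202: { id: 202, owner: 2, item: 'phone' } },
  };
}
function request(method, path, token) {
  return { method, path, headers: token ? { authorization: `Bearer ${token}` } : {} };
}

// A pipeline is an ordered list of steps; the first step that returns a
// response ends the request. This models middleware order: whether
// authentication runs before or after the route handler is decided here.
function handle(pipeline, req, state) {
  const ctx = { req, state, user: null };
  for (const step of pipeline) {
    const res = step(ctx);
    if (res) return res;
  }
  return { status: 404, body: 'no route' };
}

function requireAuth(ctx) {
  const token = (ctx.req.headers.authorization || '').replace(/^Bearer /, '');
  ctx.user = TOKENS[token] || null;
  return ctx.user ? null : { status: 401, body: 'unauthenticated' };
}

function makeRouter({ getOrder, deleteUser }) {
  return (ctx) => {
    const { method, path } = ctx.req;
    let m;
    if (method === 'GET' && (m = path.match(/^\/orders\/(\d+)$/))) return getOrder(ctx, Number(m[1]));
    if (method === 'DELETE' && (m = path.match(/^\/users\/(\d+)$/))) return deleteUser(ctx, Number(m[1]));
    return null; // no route matched; let later steps run
  };
}

// API1 BOLA: the object ID is caller-supplied and ownership is never checked.
function getOrderBola(ctx, id) {
  const order = ctx.state.orders[id];
  return order ? { status: 200, body: order } : { status: 404, body: 'no such order' };
}
// Fixed: ownership is part of the lookup, and "not yours" looks like "not there".
function getOrderFixed(ctx, id) {
  const order = ctx.state.orders[id];
  if (!order || order.owner !== ctx.user.id) return { status: 404, body: 'no such order' };
  return { status: 200, body: order };
}
// API5 BFLA: an administrative function reachable by any caller.
function deleteUserBfla(ctx, id) {
  delete ctx.state.users[id];
  return { status: 204, body: '' };
}
// Fixed: role check before the privileged action.
function deleteUserFixed(ctx, id) {
  if (ctx.user.role !== 'admin') return { status: 403, body: 'forbidden' };
  delete ctx.state.users[id];
  return { status: 204, body: '' };
}

// Vulnerable composition: routes come before authentication, so a matched
// route is fully processed and requireAuth is never reached (API2 ordering bug).
const VULNERABLE = [makeRouter({ getOrder: getOrderBola, deleteUser: deleteUserBfla }), requireAuth];
// Hardened composition: authenticate first, then authorise inside each handler.
const HARDENED = [requireAuth, makeRouter({ getOrder: getOrderFixed, deleteUser: deleteUserFixed })];

function demo() {
  const rows = [];
  for (const [app, pipeline] of [['vulnerable', VULNERABLE], ['hardened', HARDENED]]) {
    const state = freshState();
    rows.push({ app, check: 'API2: no token, GET /orders/202', status: handle(pipeline, request('GET', '/orders/202'), state).status });
    rows.push({ app, check: "API1: alice reads bob's order 202", status: handle(pipeline, request('GET', '/orders/202', 'alice-token'), state).status });
    rows.push({ app, check: 'API5: alice DELETE /users/2', status: handle(pipeline, request('DELETE', '/users/2', 'alice-token'), state).status });
  }
  return rows;
}
console.table(demo());
```

The hardened pipeline returns 401, 404 and 403 for the three probes where the vulnerable one returns 200, 200 and 204. Two design points carry over to real frameworks: the authentication step must sit before every route (a per-route check is one forgotten decorator away from API2), and the BOLA fix answers "not yours" and "not there" identically so the endpoint does not become an object-ID oracle.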
  • 10. Note on API8 Injection
    Practitioners frequently assume XSS is not a valid attack against an API because its responses are JSON. But if that JSON is later written into an application with a UI, the payload may execute there. With microservices, be aware of every place a response ends up being used.
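How a JSON value becomes a DOM XSS once a UI writes it out, as an added example in JavaScript (not from the deck). The API response, the profile template and the helper names are constructed for the example; the point is that the JSON response itself is harmless and the bug appears at the sink, so the fix belongs at the sink too.

```javascript
'use strict';

// Constructed API response. The display name is attacker-controlled: think of
// a value stored through a PUT /profile and echoed back by a GET.
const API_RESPONSE = JSON.stringify({
  id: 7,
  displayName: '<img src=x onerror=alert(document.cookie)>',
});

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable UI: the JSON field is interpolated straight into markup that an
// innerHTML-style sink (or a server-side template) will parse as HTML.
function renderProfileUnsafe(json) {
  const user = JSON.parse(json);
  return `<div class="profile" data-id="${user.id}"><span class="name">${user.displayName}</span></div>`;
}

// Fixed UI: same template, with output encoding where the data meets HTML.
function renderProfileSafe(json) {
  const user = JSON.parse(json);
  return `<div class="profile" data-id="${escapeHtml(user.id)}"><span class="name">${escapeHtml(user.displayName)}</span></div>`;
}

// Demo-only check: does any tag in the markup carry an on*= event handler?
// (The safe output still contains the text "onerror=", but not inside a tag.)
function hasInlineHandler(html) {
  return /<[a-z][^>]*\bon\w+\s*=/i.test(html);
}

// Second sink: the JSON itself inlined into a <script> block by server-side
// rendering. JSON.stringify leaves '<' alone, so a value containing "</script>"
// ends the block early. \u-escaping the dangerous characters keeps the output
// valid JSON while making it inert inside HTML.
function jsonForInlineScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

function demo() {
  return {
    unsafeExecutes: hasInlineHandler(renderProfileUnsafe(API_RESPONSE)),
    safeExecutes: hasInlineHandler(renderProfileSafe(API_RESPONSE)),
    inlineJson: jsonForInlineScript(JSON.parse(API_RESPONSE)),
  };
}
console.log(demo());
```

In a browser the same distinction is `element.innerHTML = user.displayName` (vulnerable) versus `element.textContent = user.displayName` (safe). The microservice warning on the slide is about the second function as much as the first: a service that only ever emitted JSON can still feed a page that inlines that JSON into a script block, and the serializer has to be safe for that use.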
  • 12. Qualys WAS Highlights
    Low TCO: unlimited scans; unlimited users; cloud based; not a point solution; massive scalability; flexible licensing
    Scanning Flexibility: scheduled scans; ad-hoc, targeted scans; multi-site scanning; scanner pooling; API scanning; out-of-band detections
    Integrations: comprehensive API; Splunk TA; integrations with Qualys WAF, CI/CD tools, Burp Suite, Bugcrowd
    Features: RBAC; tagging; detection history; scheduled reports; customizable reports; retest findings; ignore findings
  • 14. API Security - Coming Soon
  • 15. Demo
  • 16. Wrap-up
    Qualys can utilize existing Postman collections
    Quickly scan APIs for vulnerabilities
    API Security is important
    The OWASP API Security Top 10 is an excellent resource
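What "utilize existing Postman collections" amounts to at the mechanical level, as an added example in JavaScript. It is not Qualys WAS code and does not describe how that scanner works internally; it shows the minimum a practitioner can do with the same input: walk a Postman Collection v2.1 export, resolve `{{variables}}`, and replay every authenticated request without credentials and with a second user's credentials, which is the black-box test for the API2/API1/API5 classes highlighted above. The collection, variable values, tokens and the in-process target API (`fakeApi`) are all constructed so the script runs offline.

```javascript
'use strict';

// Constructed Postman Collection v2.1 export (endpoints and tokens invented).
const COLLECTION = {
  info: { name: 'orders-api', schema: 'https://schema.getpostman.com/json/collection/v2.1.0/collection.json' },
  variable: [{ key: 'baseUrl', value: 'https://api.example.test' }],
  item: [
    { name: 'Get order', request: { method: 'GET', url: { raw: '{{baseUrl}}/orders/101' },
      header: [{ key: 'Authorization', value: 'Bearer {{aliceToken}}' }] } },
    { name: 'Admin', item: [
      { name: 'Delete user', request: { method: 'DELETE', url: { raw: '{{baseUrl}}/users/2' },
        header: [{ key: 'Authorization', value: 'Bearer {{adminToken}}' }] } },
    ] },
    { name: 'Health', request: { method: 'GET', url: { raw: '{{baseUrl}}/health' } } },
  ],
};
// Values Postman would take from an environment; constructed for the example.
const VARS = { baseUrl: 'https://api.example.test', aliceToken: 'alice-token', adminToken: 'admin-token' };

// Folders nest under `item`; walk them into a flat list of requests.
function flattenItems(items, out = []) {
  for (const it of items) {
    if (Array.isArray(it.item)) flattenItems(it.item, out);
    else if (it.request) out.push(it);
  }
  return out;
}
function resolve(s, vars) {
  return String(s).replace(/\{\{(\w+)\}\}/g, (m, k) => (k in vars ? vars[k] : m));
}
// Normalise each Postman request into { name, method, url, headers }.
function toRequests(collection, vars) {
  const merged = { ...vars };
  for (const v of collection.variable || []) if (!(v.key in merged)) merged[v.key] = v.value;
  return flattenItems(collection.item).map((it) => {
    const r = it.request;
    const url = typeof r.url === 'string' ? r.url : r.url.raw;
    const headers = {};
    for (const h of r.header || []) if (!h.disabled) headers[h.key.toLowerCase()] = resolve(h.value, merged);
    return { name: it.name, method: r.method.toUpperCase(), url: resolve(url, merged), headers };
  });
}

function withAuth(r, value) {
  const headers = { ...r.headers };
  if (value === null) delete headers.authorization; else headers.authorization = value;
  return { ...r, headers };
}
const ok = (status) => status >= 200 && status < 300;

// Replay each authenticated request as recorded, with no credential, and with
// a second (equal-privilege) user's credential; classify what comes back.
function authSwapTest(requests, send, otherAuth) {
  const results = [];
  for (const r of requests) {
    if (!r.headers.authorization) continue; // nothing to swap; out of scope here
    const base = send(r);
    const noAuth = send(withAuth(r, null));
    const swapped = send(withAuth(r, otherAuth));
    let finding = null;
    if (ok(noAuth.status)) finding = 'missing-authentication';
    else if (ok(base.status) && ok(swapped.status) && swapped.body === base.body) finding = 'possible-bola-or-bfla';
    results.push({ name: r.name, method: r.method, url: r.url, base: base.status, noAuth: noAuth.status, swapped: swapped.status, finding });
  }
  return results;
}

// Offline stand-in for the target: correct auth and role checks, but a BOLA on
// GET /orders/:id (any valid token can read any order). Constructed.
const TOKENS = { 'alice-token': { id: 1, role: 'user' }, 'bob-token': { id: 2, role: 'user' }, 'admin-token': { id: 9, role: 'admin' } };
const ORDERS = { 101: { id: 101, owner: 1, item: 'laptop' } };
function fakeApi(req) {
  const path = new URL(req.url).pathname;
  if (path === '/health') return { status: 200, body: 'ok' };
  const user = TOKENS[(req.headers.authorization || '').replace(/^Bearer /, '')];
  if (!user) return { status: 401, body: 'unauthenticated' };
  let m;
  if (req.method === 'GET' && (m = path.match(/^\/orders\/(\d+)$/))) {
    const o = ORDERS[m[1]];
    return o ? { status: 200, body: JSON.stringify(o) } : { status: 404, body: '' };
  }
  if (req.method === 'DELETE' && path.startsWith('/users/')) return user.role === 'admin' ? { status: 204, body: '' } : { status: 403, body: '' };
  return { status: 404, body: '' };
}

function demo() {
  return authSwapTest(toRequests(COLLECTION, VARS), fakeApi, 'Bearer bob-token');
}
console.table(demo());
```

Against a live target, replace `fakeApi` with a function that performs the HTTP request and returns `{ status, body }`, run it only against systems you are authorised to test, and use a second account at the same privilege level for the swap: a 2xx with an identical body then points at BOLA or BFLA rather than at an admin legitimately reading another admin's data. Requests in the collection with no Authorization header are skipped here; a scanner would still want to know whether those endpoints are meant to be public.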
  • 17. Thank You! earnold@qualys.com, Security Solution Architect, Application Security, Qualys, Inc.