Dr. Tal Steinherz, Co-Founder & CTO
Syber.ai
Novel approaches in API security
Today’s speaker
Dr. Tal Steinherz, CTO
• Former CTO, Israel National Cyber Directorate
• Former head of Cyber R&D division in the Prime Minister’s office
• A record of delivering groundbreaking innovations
• PhD in machine learning
API Protection is a Major Issue
We live in an API Economy. Everyone needs API protection
“By 2022, 50% of web attacks will be through APIs”
Gartner
“There is an 83% to 17% split between API and HTML traffic on our secure content delivery network”
Akamai, Feb ‘19
“The size of the API economy was $2.2 Trillion in 2018”
Ovum
APIs present:
Insecurity by Design
What makes API so vulnerable?
• Open architecture
• Agile development cycles
• Many stakeholders
• Uncontrolled users
Companies face many API-related concerns
• Are there APIs that the organization is not aware of?
• Is there personal information that is leaking?
• Are we compliant with regulations? (HIPAA, Open Banking)
• Who is using our APIs?
• Is the usage authorized and reasonable?
What does good API protection include?
• Hacking: malicious actors attacking the APIs
• Abuse: customers with valid credentials that are abusing their privileges. A revenue assurance risk.
• Data leaks: misconfiguration leading to personal information leaks. A regulatory concern.
What Is Required?
Specific requirements
• Agentless
• Hybrid (on-prem and in the cloud)
• Transparent (no performance penalties)
• For some customers: compliant with (privacy) regulations
• Adjustable (to business logic)
General requirements
• API discovery
• Anomaly detection
• Investigation
• Remediation
How Should One Protect APIs?
The Spectrum of API Security Solutions
[Figure: solutions placed on a spectrum from Development to Production. Labels: RASP, API collaboration tools, OpenAPI validation, API BAS, WAF, Anti-bot, API GW, Network-based API monitoring, API Agents]
RASP = Runtime Application Self Protection
BAS = Breach and Attack Simulation
Goal: design, document and perform development testing of APIs
Goal: protect organizations against malicious API attacks, API data leaks and API abuses
A novel approach:
Deep Message Inspection
• Content (payload) inspection
• Multi-level profiling for every interaction between any user and any endpoint
• PII detection and association
• Time series and correlation
The importance of Deep Message Inspection
• Discovers APIs and builds an API catalog
• Detects leaking personal information
• Offers vertical-specific intelligence: Open Banking, HIPAA
• Cross-correlates multiple profiles to reduce false alerts
• Detects APIs that deviate from their Swagger/GraphQL definitions
• Captures API sessions of interest for deeper inspection and analysis
Extracting valuable information
APIs carry a lot of repetitive data. Identifying the unique information allows us to:
• Detect anomalies
• Dramatically reduce the storage required to store significant transaction history
Example: Banking API
Endpoint identifier: DF56KR
User ID: 5934023
• Normal: account number 891 5533 4567, $15,430
• Someone else’s data: account number 891 5577 1234, $79,023
• Data leak: account number 891 5533 4567, $15,430, credit rating 640
• Potential attack: account number 891 5533 4567, $15,430; account number 891 5533 4568, $4,699; account number 891 5533 4569, $1,700
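The four cases of the banking example, as an added sketch of payload-level profiling (not code from the talk or from Syber.ai). The JSON field names, session ids and the threshold of two foreign accounts per session are assumptions, and all traffic below is constructed.

```python
import json
from collections import defaultdict


class MessageProfiler:
    """Payload-level profile: field names per endpoint, account values per user.

    Only the distinguishing parts of each message are kept (names and distinct
    values), not the full, largely repetitive bodies.
    """

    def __init__(self, enum_threshold=2):
        self.endpoint_fields = defaultdict(set)  # endpoint -> field names seen
        self.user_accounts = defaultdict(set)    # (user, endpoint) -> accounts seen
        self.session_foreign = defaultdict(set)  # session -> foreign accounts seen
        self.enum_threshold = enum_threshold     # assumed cut-off for enumeration

    def learn(self, call):
        """Update the profile from a response assumed to be legitimate."""
        body = json.loads(call["body"])
        self.endpoint_fields[call["endpoint"]].update(body.keys())
        if "account" in body:
            self.user_accounts[(call["user"], call["endpoint"])].add(body["account"])

    def inspect(self, call):
        """Return a list of (label, evidence) findings for one response."""
        body = json.loads(call["body"])
        findings = []

        # API dimension: fields this endpoint has never returned before.
        expected = self.endpoint_fields.get(call["endpoint"], set())
        extra = sorted(set(body) - expected)
        if extra:
            findings.append(("data_leak", extra))

        # User dimension: an account value never associated with this user.
        known = self.user_accounts.get((call["user"], call["endpoint"]), set())
        account = body.get("account")
        if account is not None and account not in known:
            # Session dimension: several foreign accounts in one session
            # looks like enumeration rather than a one-off mix-up.
            foreign = self.session_foreign[call["session"]]
            foreign.add(account)
            if len(foreign) >= self.enum_threshold:
                findings.append(("potential_attack", sorted(foreign)))
            else:
                findings.append(("someone_elses_data", [account]))

        return findings or [("normal", [])]


def make_call(session, **fields):
    """Build a constructed response record for endpoint DF56KR, user 5934023."""
    return {"endpoint": "DF56KR", "user": "5934023", "session": session,
            "body": json.dumps(fields)}


def run_demo():
    profiler = MessageProfiler()
    # Constructed baseline: the user's usual response on this endpoint.
    for _ in range(3):
        profiler.learn(make_call("s0", account="891 5533 4567", balance=15430))

    # Constructed sessions mirroring the slide's four cases.
    sessions = {
        "normal": [make_call("s1", account="891 5533 4567", balance=15430)],
        "someone_else": [make_call("s2", account="891 5577 1234", balance=79023)],
        "leak": [make_call("s3", account="891 5533 4567", balance=15430,
                           credit_rating=640)],
        "attack": [make_call("s4", account="891 5533 4567", balance=15430),
                   make_call("s4", account="891 5533 4568", balance=4699),
                   make_call("s4", account="891 5533 4569", balance=1700)],
    }
    return {name: [label for call in calls for label, _ in profiler.inspect(call)]
            for name, calls in sessions.items()}


if __name__ == "__main__":
    for name, labels in run_demo().items():
        print(f"{name:13s} {labels}")
```

The baseline is assumed to be clean; a profile learned from traffic that already contains a leak would treat the leaked field as expected.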
Contact Information
https://www.linkedin.com/in/talsteinherz/
Tal@syber.ai
https://syber.ai/
The importance of profiling on multiple dimensions
The benefits of multi-dimensional profiling
• Profiling in multiple dimensions helps discover the full range of threats
• Cross-correlating these dimensions dramatically reduces false alarms
What we profile
• Call: a single API request/response pair
• Session: a set of consecutive API calls with the same credentials
• User: a history of sessions for each user
• IP: aggregated calls from the same IP address over time
• API: all calls to the same API endpoint
The importance of flexible deployment models
As an API Proxy
• Instant deployment
• Useful for 3rd party cloud-to-cloud (e.g. Teams to Hubspot, Salesforce to Marketo)
• Can filter traffic
As an API Sniffer
• Receive a copy of the API traffic
• Supports cloud and on-prem deployments
• Agentless
• No impact on API reliability
• No impact on API performance
The API protection problem is nearing an inflection point
• Regulations: privacy regulations mandate securing the APIs
• Remote access: fewer in-person transactions. More remote work
• CISOs understand: existing security solutions don’t work for APIs
• Open banking: regulators forcing banks to open their API
• Hackers notice: APIs are the next frontier in cybercrime
Typical on-premise deployment
[Diagram labels: Clients, API Calls, Load Balancer & SSL Terminator, Tap, API Sniffer, API Servers]
Best Practices
• Agentless
• Not in-line
• Vendor-agnostic
It is important to understand the specific API issues of each business process
• Generic API issues
• API issues specific to Open Banking
• API issues specific to Health applications
• API issues specific to Insurance
Supporting cloud AND on-prem deployments
On-prem is important because
• Many organizations still have most of their APIs on-prem. Thus, cloud-only solutions are not sufficient
• GDPR and other regulations are causing some companies to remain on-prem
• Cloud bills are causing some organizations to return to on-prem
• On-prem installations have greater risk of misconfigurations and risk
Cloud is important because
• New-economy companies are cloud-centric
• Many established organizations are moving to the cloud
We live in an API Economy. Everyone needs API security
“By 2022, 50% of web attacks will be through APIs”
Gartner
“There is an 83% to 17% split between API and HTML traffic on our secure content delivery network”
Akamai, Feb ‘19

Apidays New York 2024 - API Secret Tokens Exposed by Tristan Kalos and Antoin...Apidays New York 2024 - API Secret Tokens Exposed by Tristan Kalos and Antoin...
Apidays New York 2024 - API Secret Tokens Exposed by Tristan Kalos and Antoin...
apidays
 


apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Steinherz, Syber.ai

  • 1. Dr. Tal Steinherz, Co-Founder & CTO Syber.ai Novel approaches in API security
  • 2. Today’s speaker Former CTO, Israel National Cyber Directorate Former head of Cyber R&D division in the Prime Minister’s office A record of delivering groundbreaking innovations PhD in machine learning Dr. Tal Steinherz, CTO 2
  • 3. API Protection is a Major Issue
  • 4. We live in an API Economy. Everyone needs API protection “By 2022, 50% of web attacks will be through APIs” Gartner 4 “There is an 83% to 17% split between API and HTML traffic on our secure content delivery network” Akamai, Feb ‘19 “The size of the API economy was $2.2 Trillion in 2018” Ovum
  • 6. What makes API so vulnerable? • Open architecture • Agile development cycles • Many stakeholders • Uncontrolled users 6
  • 7. Companies face many API-related concerns • Are there APIs that the organization is not aware of? • Is there personal information that is leaking? • Are we compliant with regulations? (HIPAA, Open Banking) • Who is using our APIs? • Is the usage authorized and reasonable? 7
  • 8. Confidential What does good API protection include? 8 Hacking Malicious actors attacking the APIs Abuse Customers with valid credentials that are abusing their privileges. A revenue assurance risk Data Leaks Misconfiguration leading to personal information leaks A regulatory concern.
  • 10. 10 Specific requirements • Agentless • Hybrid (on-prem and in the cloud) • Transparent (no performance penalties) • For some customers: compliant with (privacy) regulations • Adjustable (to business logic) General requirements • API discovery • Anomaly detection • Investigation • Remediation
  • 11. How Should One Protect APIs?
  • 12. The Spectrum of API Security Solutions Development Production RASP API collaboration tools OpenAPI validation API BAS WAF Anti-bot API GW Network-based API monitoring RASP = Runtime Application Self Protection BAS = Breach and Attack Simulation API Agents Goal: design, document and perform development testing of APIs Goal: protect organizations against malicious API attacks, API data leaks and API abuses
  • 13. A novel approach: Deep Message Inspection
  • 14. • Content (payload) inspection • Multi-level profiling for every interaction between any user and any endpoint • PII detection and association • Time series and correlation 14
  • 15. The importance of Deep Message Inspection • Discovers APIs and builds an API catalog • Detects leaking personal information • Offers vertical-specific intelligence: Open Banking, HIPAA • Cross-correlates multiple profiles to reduce false alerts • Detects APIs that deviate from their Swagger/GraphQL definitions • Captures API sessions of interest for deeper inspection and analysis 15
  • 16. Extracting valuable information: APIs carry a lot of repetitive data. Identifying the unique information allows us to: • Detect anomalies • Dramatically reduce the storage required to store significant transaction history 16
  • 17. Example: Banking API 17 Endpoint identifier DF56KR, User ID 5934023 • Normal: Account number 891 5533 4567, $15,430 • Someone else’s data: Account number 891 5577 1234, $79,023 • Data leak: Account number 891 5533 4567, $15,430, Credit rating 640 • Potential attack: Account number 891 5533 4567, $15,430; Account number 891 5533 4568, $4,699; Account number 891 5533 4569, $1,700
  • 19. The importance of profiling on multiple dimensions 19 The benefits of multi-dimensional profiling • Profiling in multiple dimensions helps discover the full range of threats • Cross-correlating these dimensions dramatically reduces false alarms What we profile • Call: a single API request/response pair • Session: a set of consecutive API calls with the same credentials • User: a history of sessions for each user • IP: aggregated calls from the same IP address over time • API: all calls to the same API endpoint
  • 20. The Importance of flexible deployment models 20 As an API Proxy • Instant deployment • Useful for 3rd party cloud-to-cloud (e.g. Teams to Hubspot, Salesforce to Marketo) • Can filter traffic As an API Sniffer • Receive a copy of the API Traffic • Supports cloud and on-prem deployments • Agentless • No impact on API reliability • No impact on API performance
  • 21. Confidential The API protection problem is nearing an inflection point 21 Regulations Privacy regulations mandate securing the APIs Remote access Fewer in-person transactions. More remote work CISOs understand Existing security solutions don’t work for APIs Open banking Regulators forcing banks to open their API Hackers notice APIs are the next frontier in cybercrime
  • 22. Typical on-premise deployment 22 API Servers Clients API Calls Load Balancer & SSL Terminator Tap API Sniffer Best Practices • Agentless • Not in-line • Vendor-agnostic
  • 23. Confidential It is important to understand the specific API issues of each business process Generic API issues API issues specific to Open Banking API issues specific to Health applications API issues specific to Insurance 23
  • 24. Supporting cloud AND on-prem deployments 24 On-prem is important because • Many organizations still have most of their APIs on-prem. Thus, cloud-only solutions are not sufficient • GDPR and other regulations are causing some companies to remain on-prem • Cloud bills are causing some organizations to return to on-prem • On-prem installations have greater risk of misconfigurations and risk Cloud is important because • New-economy companies are cloud-centric • Many established organizations are moving to the cloud
  • 25. We live in an API Economy. Everyone needs API security “By 2022, 50% of web attacks will be through APIs” Gartner 25 “There is an 83% to 17% split between API and HTML traffic on our secure content delivery network” Akamai, Feb ‘19
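
The four response types on the banking slide (normal, someone else's data, data leak, potential attack) can be told apart by profiling response content per user and endpoint and correlating the deviations, as the profiling slide describes. The following Python is an added example, not code from the talk or from Syber.ai; the field names (`account`, `balance`, `credit_rating`), the class and function names and the `min_calls` threshold are assumptions, and the sample responses are constructed from the values on the slide.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample responses, using the values shown on the banking slide.
ENDPOINT, USER = "DF56KR", "5934023"
NORMAL = [{"account": "891 5533 4567", "balance": 15430}]
SOMEONE_ELSE = [{"account": "891 5577 1234", "balance": 79023}]
DATA_LEAK = [{"account": "891 5533 4567", "balance": 15430, "credit_rating": 640}]
POTENTIAL_ATTACK = [
    {"account": "891 5533 4567", "balance": 15430},
    {"account": "891 5533 4568", "balance": 4699},
    {"account": "891 5533 4569", "balance": 1700},
]


@dataclass
class Profile:
    """Unique information kept per (user, endpoint); full responses are not stored."""
    accounts: set = field(default_factory=set)   # account numbers seen so far
    fields: set = field(default_factory=set)     # field names seen so far
    max_records: int = 0                         # largest response seen so far
    calls: int = 0


class ResponseProfiler:
    def __init__(self, min_calls=3):
        self.min_calls = min_calls  # calls needed before the baseline is trusted
        self.profiles = defaultdict(Profile)

    def learn(self, user, endpoint, records):
        """Fold one known-good response into the baseline."""
        p = self.profiles[(user, endpoint)]
        p.calls += 1
        p.max_records = max(p.max_records, len(records))
        for rec in records:
            p.fields.update(rec)
            if "account" in rec:
                p.accounts.add(rec["account"])

    def findings(self, user, endpoint, records):
        """Return the dimensions on which a response deviates from the baseline."""
        p = self.profiles.get((user, endpoint))
        if p is None or p.calls < self.min_calls:
            return {"unprofiled"}  # too little history: do not alert
        found = set()
        if set().union(*(rec.keys() for rec in records)) - p.fields:
            found.add("new_field")
        if {rec["account"] for rec in records if "account" in rec} - p.accounts:
            found.add("unknown_account")
        if len(records) > p.max_records:
            found.add("record_count")
        return found

    def classify(self, user, endpoint, records):
        """Correlate the findings into the four labels used on the slide."""
        found = self.findings(user, endpoint, records)
        if "unprofiled" in found:
            return "unprofiled"
        if {"record_count", "unknown_account"} <= found:
            return "potential attack"
        if "unknown_account" in found:
            return "someone else's data"
        if "new_field" in found:
            return "data leak"
        return "normal"  # a larger response holding only known accounts stays quiet


def build_demo_profiler():
    """Baseline built from three normal calls by the slide's user."""
    profiler = ResponseProfiler(min_calls=3)
    for _ in range(3):
        profiler.learn(USER, ENDPOINT, NORMAL)
    return profiler


if __name__ == "__main__":
    demo = build_demo_profiler()
    for resp in (NORMAL, SOMEONE_ELSE, DATA_LEAK, POTENTIAL_ATTACK):
        print(demo.classify(USER, ENDPOINT, resp))
```

The profile holds only sets and counters, which is the storage reduction the "extracting valuable information" slide refers to; a pair with fewer than `min_calls` observations is reported as unprofiled instead of raising an alert.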