The difference between Web Apps, Web Services, and Web APIs, and how getting into Web APIs will change the way you do authentication and access control.
Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott ... (CA API Management)
Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.
Standard Based API Security, Access Control and AI Based Attack - API Days Pa... (Ping Identity)
As APIs continue to drive digital transformation efforts in the enterprise and support innovative customer experiences, securing them has never been more important.
Principal Regional Solution Architect Philippe Dubuc introduces how to leverage OpenID Connect, OAuth2 and new emerging standards to protect APIs, at API Days Paris on 11 December, 2018. In addition, Philippe goes over how the Intelligent Ping Identity Platform can be used to protect APIs proactively and how AI can help to protect against attacks.
Learn more: http://ow.ly/2Ojm30n1rCT
Mobile SSO: Give App Users a Break from Typing Passwords (CA API Management)
Why do we use mobile devices? Simple – they’re easy to use and very convenient. So, why do we make it so hard for mobile consumers to do business with us by confronting them with multiple login screens and passwords? While security is essential to protecting mobile usage, convenience cannot be sacrificed.
With the release of the CA Layer 7 Mobile Access Gateway 2.0 and its Mobile SDK, organizations can now achieve faster mobile consumer engagement, end-to-end mobile app security and convenient mobile Single Sign-On (SSO). In this webinar, Tyson Whitten and Leif Bildoy of CA Technologies explore the why and how of mobile SSO and the Mobile Access Gateway.
You will learn
• The mobile app choices you need to make to enable better consumer engagement
• The connectivity and security implications of these choices
• The mobile security solutions that balance security and convenience
What secure standards are there when working with a new API? And why should you care?
Presented by Travis Spencer from Twobo Technologies at Nordic APIs in Trondheim, June 11, 2013.
Presented at the Open Banking Summit: see why four of the top five US banks and some of the largest global insurance companies use Akana to harness the power of their technology and transform their businesses.
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018) (Ping Identity)
Presenter: Loren Russon, Ping Identity VP of Products Management and Design.
Managing digital identities and access control for users, applications and things remains one of the greatest challenges facing cloud computing today. This has led to a new cloud security service paradigm that requires your organization to reevaluate the criteria for designing and implementing identity and access management (IAM) services across data centers and private and public cloud infrastructure. These new criteria address the continued transformation to the cloud, mobile and the internet of things (IoT), and the increased demand for open business balanced by the user data security found in initiatives such as GDPR, Open Banking and PSD2. In this session, you will learn about the key requirements and design principles required for modern IAM systems, and how to effectively drive digital transformation, address user data security regulations and ensure you successfully manage your company’s transformation to the cloud.
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise (CA API Management)
Take a fresh approach to IT security and management, designed specifically for mobile
Overview
Twenty years ago, laptops revolutionized how the enterprise conducted business. But with the laptop came a host of new security and manageability challenges that we are arguably still trying to work out. Now, mobile computing promises to be exponentially more disruptive.
It is a mistake to think you can apply yesterday’s laptop thinking to today’s mobile devices and still maintain a secure infrastructure. Mobile devices are radically different from laptops and they are evolving at a completely different pace, so they demand a fresh approach.
You Can't Spell Enterprise Security without MFA (Ping Identity)
Sure, you can spell enterprise security without the letters M-F-A, but the modern digital enterprise isn't as secure without a strong multi-factor authentication (MFA) strategy. Enterprises are under attack, and credentials are a primary target. Many leading enterprises are enhancing their security and control with MFA, allowing them to move away from a high-risk, password-based security approach and to give their employees, partners, and customers a better user experience. View this slide deck for best practices for an MFA strategy.
Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ... (CA API Management)
The bring-your-own-device (BYOD) trend is in full swing as the growth of mobile devices within the enterprise explodes. How do you enable secure data access for mobile applications? How do you deal with user authentication? How do you allow broader adoption of enterprise applications on user-owned devices? CA and Layer 7 outline solutions to these issues, explore different approaches to mobile security, and use case studies to illustrate how others have solved these problems.
This workshop was all about:
• The latest mobile trends and opportunities
• Emerging mobile risks and how these can be addressed
• A reference architecture for secure enterprise mobility
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa... (Eve Maler)
On 20 October 2014, I spoke at #IOTAconf at Moscone Center in SF (with awesome display help from Param Singh!) on "Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usability to Strong Security".
Abstract: "The first couple of chapters of authorization and access control are still being written even when it comes to old-fashioned web services and newfangled APIs, never mind the Internet of Things. IoT security has needs that go way beyond the current scope of cloud and mobile challenges: super-loosely coupled, super-strong, and more. Everyone can imagine security-gone-wrong scenarios that have disastrous consequences for industrial IoT use cases. For consumer-facing IoT in healthcare, household appliances, and more, the consequences are different but no less severe, and it adds a killer requirement: privacy. How can we solve the problems of access control and privacy in a unified way, without compromise? And how can we solve the problem NOW? The OAuth-based User-Managed Access (UMA) protocol provides answers."
apidays LIVE Singapore 2021 - Securing the Open Source supply chain by Liran ... (apidays)
apidays LIVE Singapore 2021 - Digitisation, Connected Services and Embedded Finance
April 21 & 22, 2021
Securing the Open Source supply chain
Liran Tal, Director of Developer Advocacy at Snyk
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog) (Nordic APIs)
This is a session given by Jacob Ideskog at the Nordic APIs 2016 Platform Summit on October 25th, in Stockholm, Sweden.
Description:
In this talk Jacob Ideskog (Identity Expert at Twobo Technologies) addresses the growing need to secure the emerging devices accessible over the Internet. The Internet of Things has many interpretations, but the common denominator is that there will be a vast number of connected devices, and (almost) nobody wants those hacked.
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona... (apidays)
apidays LIVE Singapore 2021 - Digitisation, Connected Services and Embedded Finance
April 21 & 22, 2021
Protecting the API ecosystem
Omaru Maruatona, CEO of Aiculus
apidays LIVE LONDON - API Abuse - Comprehension and Prevention by David Stewart (apidays)
apidays LIVE LONDON - The Road to Embedded Finance, Banking and Insurance with APIs
API Abuse - Comprehension and Prevention
David Stewart, CEO at CriticalBlue
CIS14: Protecting Your APIs from Threats and Hacks (CloudIDSummit)
Sachin Agarwal, SOA Software
Overview of common API security hacks and threats, and best practices to secure your APIs against them: detection and prevention of Denial of Service (DoS) attacks, malformed messages or excessive XML/JSON depth and breadth, message encryption and rate limiting, and the development and governance methodologies that need to be adopted to ensure security compliance.
Gartner’s statement that “By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” is often quoted, but what does an API abuse attack actually look and feel like?
At last year’s Platform Summit, I described 3 different types of API abuse at a high level, summarizing who abuses and why.
This year I will go into anatomical and forensic detail on one specific API abuse attack based on our real experiences, explaining what it looked and felt like through the exploration and probing phase, into the setup and test stage, and finally into the at-scale exploitation.
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps - Jain (CloudIDSummit)
Ashish Jain, VMware
A look at the use cases for Mobile SSO, the gaps, and the various industry initiatives available today, along with a review of the NAPPS standard—an OpenID Connect Profile to address various Mobile SSO flows.
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G... (CA API Management)
APIs create incredible business opportunities. But how do you recognize the real value among all the hype? This session will take a frank look at the good and bad decisions that are being made by organisations seeking to harness the power of APIs.
You want to start integrating security in your web application project but you don't know where to start and don't have access to software security professionals. What are the "cheapest" while very efficient activities that you can already do by yourself?
Agenda:
- Understanding the need for information security and privacy
- Secure design: key principles
- Threat modeling and analysis: building your first threat model and identifying the major risks in your web application
- Testing the security of your web application
- Understanding the big picture: what is a secure SDLC
- Cheap and efficient security activities that can be started immediately in your SDLC
IoT And Inevitable Decentralization of The Internet (Paul Brody)
The Internet of Things isn't just here, it's inevitable, and it's going to re-architect the internet as a result. It's time to drop our obsession with analytics and focus on value creation.
Patterns and Antipatterns in Enterprise Security (WSO2)
To view the recording of this webinar, please use the URL below:
Attacks against information systems are on the rise, making enterprise security a major concern. It’s important to identify and address security needs such as confidentiality, integrity, availability and auditability of information. Enterprise security patterns facilitate balanced and informed decisions about security needs, avoid the misapplication of concepts and misunderstanding of security concerns, and provide a rationale for the evolution of security needs over time. Antipatterns, which are fostered by misapplications of concepts and misunderstandings of security concerns, should be avoided. Enterprise security patterns and antipatterns address these security concerns by naming recurrent problems and challenges.
This webinar will:
• Deep dive into enterprise security patterns and antipatterns
• Explore the importance of using them
• Discuss how to apply them with WSO2 Identity Server
The End of the Fortress: The new Approach to Cybersecurity (Marc Nader)
Presentation delivered at the Cybercrime conference of the World Union of Arab Bankers on Nov 5th, 2016.
It explains how digital technologies are pushing us to rethink the traditional model of securing the enterprise.
The Zero Trust Model of Information Security (Tripwire)
In today’s IT threat landscape, the attacker might just as easily be over the cubicle wall as in another country. In the past, organizations have been content to use a trust and verify approach to information security, but that’s not working as threats from malicious insiders represent the most risk to organizations. Listen in as John Kindervag, Forrester Senior Analyst, explains why it’s not working and what you can do to address this IT security shortcoming.
In this webcast, you’ll hear:
• Examples of major data breaches that originated from within the organization
• Why it’s cheaper to invest in proactive breach prevention—even when the organization hasn’t been breached
• What’s broken about the traditional trust and verify model of information security
• About a new model for information security that works—the zero-trust model
• Immediate and long-term activities to move organizations from the "trust and verify" model to the "verify and never trust" model
The intent of the paper is to propose a simple yet comprehensive technique to model enterprise security architecture and design aligned to SABSA that enables:
• Standardisation of the SABSA Enterprise Security Architecture framework by formalizing the common language used, in the form of an ESA modelling notation
• Reusability of model artefacts (not documents) to enable enterprise- and department-level collaboration and knowledge management
• A generic or organisation-specific library of assets for various ESA artefacts such as business attribute profile(s), security services, mechanisms and components, and associated views
• Tool-assisted development using a separate toolbox for ESA that augments Enterprise Architecture (TOGAF) modelling using ArchiMate
Part 2 of the study with the accompanying book: https://msdn.microsoft.com/en-us/library/ff649874.aspx
This is an architectural study for making application software resilient to security threats.
For more than a decade, organizations have trusted network perimeter protection such as firewalls or intrusion prevention systems to protect their IT infrastructures from internet threats. However, traditional network security protection may not be sufficient to safeguard against the new threats targeting security flaws in web servers and web applications. In order to defend against the threats related to these services and applications, it is essential to understand the risks commonly found in web applications.
This presentation explains the need for application security as the last line of defense, common web application risks, and the security measures that need to be implemented alongside the development of web applications.
From Simple to Complex: Automating Manual Test Plans | Сергей Тимченко (Positive Hack Days)
1. Looking around: the usual automated testing process
2. Removing the excess: a realistic target process
3. DataDrivenTesting: building special-purpose tools for specific scenarios
4. RobotFramework: what to do when there are too many simple scenarios
Tooling for Building Product Distributions | Владимир Селин (Positive Hack Days)
1. What is a distribution of a large product?
2. The problem: knowledge of the product installation process is held by a small number of people.
3. Templates + DSL: the solution to all problems!
SupplyLab: Publishing, Delivery, Deployment, Licensing | Александр П... (Positive Hack Days)
1. Organizing an open system for managing the full cycle of delivery, deployment and licensing through to the customer.
2. Designing a system for publishing, delivery, deployment and licensing: SupplyLab.
The Business of APIs, an Introduction for Everyone Else (Greg Kliewer)
What's all this buzz about APIs? Why should you care? Well, if you run a business of any scale or size, chances are you have good reason to care. This presentation will walk you through some of the technology trends that are driving businesses across all industries to take a hard look at deploying APIs into their existing core systems and assets.
Enterprise API: Best Practice for a World-Class API Ecosystem is an attempt on my part to explain best practice in deploying API infrastructure in an organization.
CIS13: Mobile Single Sign-On: Extending SSO Out to the Client (CloudIDSummit)
Scott Morrison, Chief Technology Officer, Layer7
Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.
Moving beyond conventional single sign-on to seamless cross-device access with APIs
People are carrying more devices every day – with the average being 2.9 per person. Meanwhile, multitasking has gone into overdrive, as users quickly move from laptop to phone to tablet, expecting a seamless experience when accessing their favorite apps. And this expectation is not just limited to leisure and personal use – it extends to business applications.
Security has broken this seamless workflow and inhibited the mobile “stickiness” businesses are striving to achieve. This webinar with Scott Morrison and Leif Bildoy of CA Technologies will demonstrate how the right combination of identity functionality and secure APIs can help your organization to overcome these challenges and enable the multi-device universe.
You Will Learn
• What challenges must be overcome when supporting multiple mobile app types
• How SSO is evolving past mobile app access to device access
• Why the right implementation of identity and APIs will create consumer stickiness
• How the Internet of Things (IoT) is creating new business opportunities
My presentation from Gartner IAM 2014.
"As connected devices dominate the enterprise thanks to cloud and mobile, legacy identity access management solutions are failing to keep up. Companies are realizing the benefits of next generation IAM to make authentication a seamless process for IT and end users alike. In this session, Patrick Harding, CTO of Ping Identity, will provide an overview of the six pillars of the next generation IAM and make a case for why it’s time to embrace a new era of IAM."
API Security: Securing Digital Channels and Mobile Apps Against Hacks (Akana)
More and more enterprises today are doing business by opening up their data and applications through APIs. Though forward-thinking and strategic, exposing APIs also increases the surface area for potential attack by hackers. To benefit from APIs while staying secure, enterprises and security architects need to continue to develop a deep understanding about API security and how it differs from traditional web application security or mobile application security.
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity (CA API Management)
Understanding how emerging standards like OAuth and OpenID Connect impact federation
Federation is a critical technology for reconciling user identity across Web applications. Now that users consume the same data through cloud and mobile, federation infrastructure must adapt to enable these new channels while maintaining security and providing a consistent user experience.
This webinar will examine the differences between identity federation across Web, cloud and mobile, look at API specific use cases and explore the impact of emerging federation standards.
You Will Learn
• Best practices for federating identity across mobile and cloud
• How emerging identity federation standards will impact your infrastructure
• How to implement an identity-centric API security and management infrastructure
Presenters
Ehud Amiri
Director, Product Management, CA Technologies
Francois Lascelles
Chief Architect, Layer 7
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis... (CA API Management)
By now you’ve bought into the idea of using APIs to integrate cloud, mobile devices and the enterprise. But are you building safe APIs? One insecure API can increase your organization’s risk profile exponentially. Securing APIs is not like securing the web—a point lost on many developers coming from a web-centric background. Learn what good practices to put in place and the common security anti-patterns you must avoid to ensure your company’s APIs are reliable, safe and secure. You will learn:
• The top ways hackers exploit APIs in the wild
• Common identity pitfalls and how to avoid them
• Why OAuth scopes are essential to master
• How to keep web developers from bringing bad habits with them
Securely Expose Protected Resources as APIs with App42 API Gateway (Zuaib)
App42 API Gateway is a comprehensive & battle-tested API Management solution that enables companies of all sizes and even individuals to launch APIs in minutes.
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan... (CA API Management)
Today’s enterprise mobility solutions emphasize heavy-handed IT governance of devices and applications that impose a burden on developers and/or users. However, managing data and applications using high performance mobile-optimized infrastructure can enable secure, scalable apps while minimizing the effort required by developers and allowing them to focus on their strengths. Come learn how to facilitate the best of both worlds – multi-layer mobile security using modern standards and a fantastic user experience.
This presentation was given at the Auckland API and Microservices MeetUp, 2016-MAR-03. The connected world is increasingly reaching from the virtual domain into the physical, through the rapid evolution of connected devices. What are the behavior and business patterns that are shaping this convergence? Where are the sources of innovation, what forces are shaping investments and value creation? What is the role of the enterprise? We explore the landscape with an eye for technology gaps and business opportunity.
Webinar: Identity Wars: The Unified Platform AwakensForgeRock
In this webinar from November 2015, John Barco (VP of Product Management) and Tim Sedlack (Sr. Product Manager) take you on a journey:
A long time ago in a technology sector far, far away, organizations were promised a unified platform for centralizing identity and integrating it into resources everywhere. But this promise was never realized. Instead, organizations were forced down a dark path to implement a piecemeal identity infrastructure that was painful, with massive integration costs. Finally, the wait is over. In this webinar, we will provide an overview of ForgeRock's unified platform and highlight all the common services provided across the end-to-end solution to make your life easier.
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
Similar to Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliewer, Principal Consultant/Solutions Architect, CA Technologies
Extend your legacy SOA/ESB infrastructure to Mobile & IoT
This webinar recording provides a use-case driven discussion around appropriate use of existing middleware infrastructure as well as its shortcomings. It dives deep into how APIs can not only complement an ESB or SOA infrastructure but also fill existing gaps.
Watch this webinar recording to learn about:
- Strengths and weaknesses of your existing ESB/SOA infrastructure
- Architecture strategy: extend and add value to legacy middleware with APIs
- Integration / API use cases in Retail, Manufacturing and Telecom
- The API360 approach to digital strategy
These slides are from our "Master Digital Channels with APIs" webinar on April 28, 2015.
The webinar provides practical guidance for any Chief Digital Officer or Chief Marketing Officer who is pushing for digital transformation within their business.
Learn more about APIs at ca.com/api
Examining today's biggest API breaches to mitigate API security vulnerabilities
Data breaches have become the top news story. And APIs are quickly becoming the hacker's new favorite attack vector. They offer a direct path to critical information and business services that can be easily stolen or disrupted. And your private APIs can be exploited just as easily as a public API. So what measures can you take to strengthen your security position?
This webinar explores recent API data breaches, the top API security vulnerabilities that are most impactful to today's enterprise and the protective measures that need to be taken to mitigate API and business exposure.
You Will Learn
-Recent breaches in the news involving APIs
-Top attacks that compromise your business
-Mitigating steps to protect your business from attacks and unauthorized access
-API Management solutions that both enable and protect your business
Learn about API Security at http://www.ca.com/api
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...CA API Management
At some point, we all need to design and implement APIs for the Web. What makes Web APIs different from typical component APIs? How can you leverage the power of the Internet when creating your Web API? What characteristics do many "great" Web APIs share? Is there a consistent process you can use to make sure you design a Web API that best fits your needs both now and in the future?
In this session Mike Amundsen describes a clear methodology for designing Web APIs (based on the book "RESTful Web APIs" by Richardson and Amundsen) that allows you to map key aspects of your business into a usable, scalable, and flexible interface that will reach your goals while creating a compelling API for both server and client developers. Whether you are looking to implement a private, partner, or public API, these principles will help you focus on the right metrics and design goals to create a successful API.
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...CA API Management
Liberating the API Economy with Scale-Free Networks
The Web exhibits a feature found in many complex systems known as "Scale-Free" or "Power-Law" networks, sometimes called the "long tail". Most people think of the "long tail" as an economic and/or social property. However, it also represents physical and informational properties fundamental to the way the Web works. But the steady increase in major service outages indicates that many current Web APIs, services, and even client applications ignore this basic "law of the Web."
This talk explores the "Scale-Free" rule of complex systems and offers clear and simple advice to those planning to build and/or consume APIs for the Web: what to avoid, what to plan for, what to build, and how to identify and steer clear of clients and services that fail to abide by the rules and, in the process, are making it harder for all of us to liberate the API Economy.
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
APIs are everywhere: powering mobile apps, enabling cloud computing, connecting people through social networks and helping to create the Internet of Things. Organizations of every kind are evaluating how they can leverage APIs and replicate the success of companies like Amazon, Google and Salesforce.
Join this webinar to learn about the #API360 model for enterprise API success. This model covers the full spectrum of considerations for companies looking to succeed with APIs for the long haul. You will also hear more about the upcoming #API360 Summit that will take place in Dallas on February 26.
You Will Learn
• How leading Web companies have used APIs to boost revenues and market share
• How to create an enterprise API strategy that will yield real business results
• How to institutionalize best practices that will allow your APIs to evolve and grow
Securely Open data as APIs to internal groups and third parties to generate revenue
In today's application economy, organizations are leveraging APIs to create new revenue streams. To monetize its information, the enterprise needs a way to transform data into APIs, enforce SLAs and implement a standardized fulfillment process with flexible and integrated billing systems.
This webinar explores how enterprises can overcome these monetization challenges, using an API management solution that securely opens data to internal groups and third parties as APIs, in order to generate revenue.
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...CA API Management
The Information Age, 100 years on
The rise of the computer and the digital revolution is responsible for an explosion of devices, data, and connectedness. These are all enabling what is called the dawning of the Information Age. And software designers, developers, and architects all share an important responsibility for shaping and guiding the world’s progress through this axial age into the future.
However, more than 100 years ago, the work of organizing the world’s information into a single all-encompassing taxonomy had already begun. Partially influenced by the positivist doctrine of Auguste Comte, leading thinkers of the early 20th century such as the librarian Paul Otlet in Belgium, museum curator Patrick Geddes in Scotland, and educator Melvil Dewey in the US were each working to design universal classification systems that would encompass and coordinate the explosion of information appearing in libraries, museums, newspapers, magazines, and eventually even radio, movies, and television.
What did we learn in the last century? What have we forgotten? How does their work affect our current trajectory in transforming the work of software and systems design and development? What can we take from Dewey, Otlet, and Geddes with us into the next 100 years of the Information Age?
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
Identity on the Internet is changing. Social networking has kicked off a massive change in how we integrate identity across applications. This is much more than a simple redesign of security tokens and protocols; instead it is a radical redistribution of power and control over entitlements, shifting it away from the centralized control of a cabal of directory engineers and out to the users themselves.
There are compelling reasons for this shift: it enables scaling of identity administration, and it promotes rapid and agile integration of applications. These are goals shared by the enterprise, but this change has significant implications on infrastructure, people and process. Join us to learn how you can bring modern identity management into the enterprise.
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
Learn about innovative approaches to differentiating, extending reach and establishing trust in financial service.
Web and mobile technologies have changed the way we bank, spend money and manage our finances. Using APIs to expose backend systems is central to how financial services organizations are using these digital channels to maximize customer engagement and extend reach into new markets.
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
The Internet of Things (IoT) promises to improve our productivity and day-to-day lives by connecting a vast range of devices – from cell phones, to cars, to domestic appliances and even to drones. APIs represent the key technology that will make it possible to integrate and leverage information from all these “things”.
There are obvious security and privacy concerns associated with using APIs to expose data and functionality from one device to many others. So, how can we make sure hackers cannot exploit the unprecedented connectivity created by IoT? This webinar will explore key IoT use cases and explain how to address the API security requirements for these use cases.
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...CA API Management
The VIP networking lunch will feature a presentation by Keith Junius, Solution Architect, from Veda on ‘Implementing an API Management Platform’. Attendees will hear about how Veda has modernized their B2B API platform by deploying SOA Gateways. Join Layer 7 at this lunch to learn about:
• Design considerations for API management platforms
• Technical and business challenges faced across the whole system lifecycle
• The soft skills required to achieve a successful outcome
• Lessons learned during and after the project
• Benefits realized by the new platform
Using APIs to Create an Omni-Channel Retail ExperienceCA API Management
Today, tech-savvy consumers are always connected, using their mobile devices to compare prices, read user-generated reviews and pay for products - and many leading e-tailers already connect their customers to this information. The any time, any place connectivity enabled by mobile devices empowers all retailers to offer the kinds of enhanced shopping experiences modern consumers are becoming accustomed to.
To truly satisfy the needs of these well-informed, mobile consumers, retail organizations will need ways to create unified shopping experiences across all channels – from brick-and-mortar stores to the Web to mobile. Increasingly, offering a compelling mobile experience will become the cornerstone upon which these omni-channel shopping experiences are built.
In this webinar, you will learn how APIs can:
• Help deliver a consistent retail experience across multiple channels
• Connect retailers with social data
• Extend legacy systems to mobile apps
• Enable organizations to make real-time use of contextual data and buying patterns
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...CA API Management
Cars are already full of sensors and producing gigabytes of data, but they are not connected yet. Connecting them can represent a tremendous opportunity for several industries (insurance companies, repairs, traffic optimization...) but it certainly comes with a lot of challenges. Security and privacy are the biggest challenges this market has to overcome, especially because they have been completely out of scope for this industry so far.
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014CA API Management
As HTTP-based APIs become more common and more standardized, mindshare and momentum is shifting from a service-oriented model to the "client-side" of the application space. It is the client application that users fall in love with and it is the client application developer that holds the keys to this relationship.
Client developers pick APIs based not just on ease of use and helpful documentation. Often they are selecting APIs that make their applications "look good" and APIs that can be easily "mashed up" with other service offerings into new "applications" - ones that don't rely on just one service API.
This talk reviews patterns in developer practices and trends in services and libraries -- from the increase in the number of client-side libraries such as EmberJS, Angular, and Bootstrap to the appearance of new "API composition" platforms such as Strong Loop -- that give us a picture of why it's important to identify and leverage the growing sentiment that "Clients Matter, Services Don't."
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...CA API Management
Whether it be infotainment, companion or ecommerce apps, they all have one thing in common - APIs. APIs are enabling the development of new apps both inside and outside the vehicle. But the "always on" connectivity comes with increased risk to both the user and data.
Explore common app initiatives fueling the connected car industry
Understand the intersection of connected car apps, identities and agile API platforms
Learn how to apply the right security and UX balance that drives connected car app adoption
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
CI/CD within UiPath
End-to-end overview of CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides an introduction to UiPath Communications Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communications Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
23. Greg Kliewer
Principal Consultant, Systems Architect
greg.kliewer@ca.com
@cainc
slideshare.net/CAinc
linkedin.com/company/ca-technologies
ca.com
Editor's Notes
Web sites
Portals
- Customers accessed them via browsers on their desktop and laptop computers
- No programmatic access from the WWW
- APIs were exposed “behind the firewall” for web sites and portals to access, but there was no access from the WWW
- APIs were protected by network separation
Web services
- Used Web API technologies like HTTP, SSL/TLS, and language-independent, text-based grammar
- Were mostly adopted for old-school API purposes: to connect applications “on the corporate network”; to “service orient” the enterprise and deliver apps – often new web apps – quickly and less expensively
- HOWEVER, there was some limited uptake of SOAP services access to enterprise services and assets from the WWW by business partners and corporate customers
- Enterprise to Enterprise integration
Web apps and Web APIs
- REQUIRE programmatic access from the WWW
- DID NOT EMBRACE use of PKI-based security
- Why? Because the market for these apps is not corporations with whom we can contract and run technology projects. These apps are consumed by capital-C Consumers who demand an impeccable user experience, including simple and easy installation
- Show picture of PKI (CA/RA and WoT)
- As a publisher of Web APIs, do not expect to identify who is calling by verifying digital signatures with asymmetric crypto operations