Tuesday, October 26, 2021
PRO WORKSHOP (API): API MythBusters: Crushing Five Security Myths that are Crushing Your Safety
Join on HopinDigital transformation and application modernization are exponentially driving up the use of APIs. We’re using more APIs than ever, and they’re more functional than ever. They’re also more attractive to hackers than ever, but lots of organizations are hanging onto old ways of thinking about API security.
Join our lively discussion on the top five common industry myths surrounding API security. You’ll learn the pitfalls of some misguided API security approaches, cut through the hype around a few security trends, and get recommendations on how to improve your organization’s API security strategy.
Key takeaways:
The impact trends such as zero trust, cloud migration, containerization, and shift-left are having on API security
The role of traditional security controls in API security – what they deliver and where they fall short
The value of a full lifecycle approach in grappling with API security
How to deploy dedicated API security that fits today’s automated, agile, and cloud-first environments
Wednesday, October 27, 2021
OPEN TALK (API): Nightmare on API Street - How to Avoid one FinTech's Horror
Join on HopinAPIs help drive efficiency and faster innovation so that organizations can support their business. Attackers also know this reality and zone in on APIs as a primary attack vector. The end result is a potential nightmare for organizations with API-driven business applications as they face the risks of data breach, privacy incident, and more.
In this session, we review first hand API threat research gleaned from a large financial institution. Its SaaS platform provides API services to thousands of partner banks and financial advisors, and security researchers found many alarming API vulnerabilities. Researchers were able to demonstrate exploits of these vulnerabilities, showing that anyone could:
- Read any financial records of any customer, despite lacking the proper authorization
- Delete any customer’s user accounts across the financial platform
- Tamper with authentication parameters and take over any account
- Launch an application-level denial of service attack that would render entire applications unavailable
Unfortunately, this financial institution isn’t unique. Attend this session to gain insights into API security best practices to prevent this nightmare from being yours.
Thursday, October 28, 2021
OPEN TALK (API): The Real World, API Security Edition: When Best Practices Stop Being Polite and Start Being Real
Join on HopinAPI security has emerged as a top priority for protecting vital data and services. Unfortunately, many organizations are just one vulnerable API away from a privacy incident or data breach, and it’s an area where many companies lack expertise.
This “real world” episode shares six essential techniques, drawn straight from the trenches of customer deployments, to help guide your API security best practices.
Join us for a discussion of these key areas:
- API documentation, discovery, and cataloging to improve awareness of your API attack surface
- Runtime protection to prevent sensitive data exposure and protect your APIs from abuse
- API-centric security operations so you're prepared in the event of an API incident or breach
This session will also share ways to make it easier and more automatic to address the many elements of API security.
Come find out what happens…when APIs stop being vulnerable. And start getting secure.