Tuesday, October 26, 2021

- PDT
PRO WORKSHOP (API): API MythBusters: Crushing Five Security Myths that are Crushing Your Safety
Michael Isbitski
Salt Security, Technical Evangelist

Digital transformation and application modernization are exponentially driving up the use of APIs. We’re using more APIs than ever, and they’re more functional than ever. They’re also more attractive to hackers than ever, but lots of organizations are hanging onto old ways of thinking about API security.

Join our lively discussion on the top five common industry myths surrounding API security. You’ll learn the pitfalls of some misguided API security approaches, cut through the hype around a few security trends, and get recommendations on how to improve your organization’s API security strategy.

Key takeaways:

  • The impact trends such as zero trust, cloud migration, containerization, and shift-left are having on API security

  • The role of traditional security controls in API security – what they deliver and where they fall short

  • The value of a full lifecycle approach in grappling with API security

  • How to deploy dedicated API security that fits today’s automated, agile, and cloud-first environments

Wednesday, October 27, 2021

- PDT
OPEN TALK (API): Nightmare on API Street - How to Avoid one FinTech's Horror
Michael Isbitski
Salt Security, Technical Evangelist

APIs help drive efficiency and faster innovation so that organizations can support their business. Attackers also know this reality and zero in on APIs as a primary attack vector. The end result is a potential nightmare for organizations with API-driven business applications as they face the risks of data breaches, privacy incidents, and more.

In this session, we review firsthand API threat research gleaned from a large financial institution. Its SaaS platform provides API services to thousands of partner banks and financial advisors, and security researchers found many alarming API vulnerabilities. Researchers were able to demonstrate exploits of these vulnerabilities, showing that anyone could:

  • Read any financial records of any customer, despite lacking the proper authorization 
  • Delete any customer’s user accounts across the financial platform 
  • Tamper with authentication parameters and take over any account 
  • Launch an application-level denial of service attack that would render entire applications unavailable



Unfortunately, this financial institution isn’t unique. Attend this session to gain insights into API security best practices to prevent this nightmare from being yours.

Thursday, October 28, 2021

- PDT
OPEN TALK (API): The Real World, API Security Edition: When Best Practices Stop Being Polite and Start Being Real
Michael Isbitski
Salt Security, Technical Evangelist

API security has emerged as a top priority for protecting vital data and services. Unfortunately, many organizations are just one vulnerable API away from a privacy incident or data breach, and it’s an area where many companies lack expertise.

This “real world” episode shares six essential techniques, drawn straight from the trenches of customer deployments, to help guide your API security best practices.

Join us for a discussion of these key areas:

- API documentation, discovery, and cataloging to improve awareness of your API attack surface
- Runtime protection to prevent sensitive data exposure and protect your APIs from abuse
- API-centric security operations so you're prepared in the event of an API incident or breach

This session will also share ways to make it easier and more automatic to address the many elements of API security.

Come find out what happens…when APIs stop being vulnerable. And start getting secure.