#OPENTALKCHALLENGE

Wednesday, November 2, 2022

- PDT
[#VIRTUAL] OPEN TALK (API): API Security Is an Application Problem. Here’s Why.
Join on Hopin
Jeremy Snyder
Jeremy Snyder
FireTail, Founder

All of the attack vectors against APIs to date have exploited application logic failings. In this talk, we'll examine the most important app constructs to ensure API security, and discuss approaches to building more secure APIs.

We'll examine select breaches in each of the main categories - authentication, authorization, enumeration and injection, and draw some conclusions about which layer of security is most relevant in each.

We'll then discuss ways that organizations can both design and monitor APIs for best practices in security. 

- PDT
[#VIRTUAL] OPEN TALK (API): Future of Development: Developer Mindset Is Required Not Skillset
Join on Hopin
Muthu Raju
Muthu Raju
Linx LLC apiplatform.io, Founder, CEO

Abilities and skills are two different things. Most organizations today hire people based on skills, not abilities. The future of development will be only for people with developer thinking - skillsets (programming languages) will be obsolete with no-code platforms and aggregators in the marketplace.

Linx LLC is a US-based company founded in 2020. Our vision is to "Build a platform that enables technology-savvy organizations to reimagine speed, scale, and agility to improve productivity and cultivate innovation." Our mission is to "Eliminate waste in the end-to-end development process and provide everyone with a much accessible, faster, cheaper technology platform to bring their ideas to product more quickly." Our first flagship product, apiplatform.io, is a cloud-agnostic, no-code platform that focuses on enabling organizations to build and integrate APIs at a revolutionary speed. In addition, the platform provides a fully automated and highly configurable self-service capability.
We are an early-stage but rapidly growing start-up. In our two years of operation, we conservatively had a run rate of approximately $1M per year with a trajectory to exceed that. We have expanded from two to 30 employees, from two to five international locations, covering four continents. Our customers are excited about the platform and steadily build confidence, trusting us to build their products. We have customers from a wide range of sectors, including FinTech, e-Commerce, and Edtech, with approximately 20,000 APIs being developed and about 100 developers using the platform. 

- PDT
[#VIRTUAL] OPEN TALK (API): Effective API Security: API Discovery, Runtime Protection, Security Analytics, Active Testing
Join on Hopin
Dan Gordon
Dan Gordon
Traceable, Technical Evangelist

APIs are the glue that connects all of our software systems. But our knowledge and ability to track and secure APIs has not kept up with our rapid adoption of them. This API sprawl introduces significant operational and security risks, yet securing your APIs is different than everything we've been doing to secure our applications to date. WAFs don't help. API gateways aren't enough. DAST testing isn't enough. So what do we need to do differently?


In this session we will discuss why and how the approach to securing APIs needs to be different. We'll look at what you should consider through the software development lifecycle. And we'll share some real-world examples of organizations that have built and maintained robust API security strategies, with impressive outcomes related to reduced risk, lowered costs, and more secure API development practices.

- PDT
[#VIRTUAL] OPEN TALK (API): API Security: How Are You Securing the #1 Attack Vector?
Join on Hopin
Karl Mattson
Karl Mattson
Noname Security, CISO

API Security: How Are You Securing the #1 Attack Vector?

No surprise in the era of digital transformation: Gartner predicts that in 2022, application programming interface attacks will become the most-frequent attack vector. And yet many security leaders, when pressed, do not even know how many APIs they have in their environments - never mind their level of security.


So, what are you doing proactively to protect your environment from API vulnerabilities, design flaws, and misconfigurations? Register for this session API Security: How Are You Securing the #1 Attack Vector?, to gain new insights as well as address:


- How are adversaries exploiting API security gaps to launch successful attacks?

- What are the top API vulnerabilities, and how are proactive enterprises mitigating them?

- How can API visibility be enhanced for automated monitoring, detection, and response?

- PDT
[#VIRTUAL] OPEN TALK (API): Increase Developer Happiness with OpenAPI-driven Quality Engineering
Join on Hopin
Tom Peelen
Tom Peelen
Sauce Labs, Senior Solution Engineer

Most developers did not grow up dreaming of becoming professional debuggers. Nor did they dream of becoming professional gamblers who sometimes bet the house on when to mark an application ready for production. At the end of the day, most developers really want one big thing: digital confidence.

OpenAPI-driven development has emerged as the most popular way to help boost developer confidence. Instead of distributed teams trying to inefficiently collaborate on distributed systems using API documentation that may have to change often, teams can work with confidence on a single version of API truth by turning all documentation into standardized OpenAPI (OAS) specification files. Engineers can then use the OAS files to write API contract, functional, integration and load/performance tests.

But what happens to digital confidence when engineers are asked to add tens or hundreds of microservices? The OpenAPI-driven approach can still work–but it needs to scale at unprecedented levels.

New solutions such as Python micro-frameworks, Flask and FastAPI, have quickly emerged to give developers an easy and highly scalable way to auto-generate OpenAPI spec files from countless API documentation. But these new solutions tell only half the story of scaling digital confidence for microservices, CI/CD pipelines, TDD/BDD and other use cases.

Tom Peelen, Senior Solution Engineer at Sauce Labs, discusses how developers at gaming companies, large banks and financial services companies, retailers, healthcare, telecom and other organizations are handling being held accountable for releases in production. Tom shows how developers using frameworks like FastAPI to auto-generate OAS spec files are also able to almost simultaneously auto-generate API contract tests of both the consumer and provider (via mock servers) during API development. Attendees will also hear Tom describe how Performance, Reliability and API Monitoring teams are leveraging insights from OpenAPI-driven API tests (contract, functional, integration and load/performance) to optimize digital confidence in production environments. 

- PDT
[#VIRTUAL] OPEN TALK (API): Improving Developer Experience With OpenAPI
Join on Hopin
Rosie Cunningham
Rosie Cunningham
Dropbox, Developer Evangelist

HelloSign recently made the decision to adopt OpenAPI for API documentation and SDKs. In this session we’ll discuss OpenAPI at large, the factors that influenced our decision, insights gained from the migration process, and the promising improvements we’ve seen in developer experience so far. 

- PDT
[#VIRTUAL] OPEN TALK (API): Evented API Gateways: Bringing the Productivity of Evented Systems to Synchronous Services and Systems
David Brassely
David Brassely
Gravitee, Co-Founder & Chief Architect
Alex Drag
Alex Drag
Gravitee, Director of Product Marketing

We all know that synchronous and asynchronous APIs can be a bit like oil and water. They’re completely different, operate on different protocols, and operate on different communication paradigms. 

So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?

Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products.

So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?

Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products. 

- PDT
[#VIRTUAL] OPEN TALK (API): Optimizing Journeys: Waypoints, Matrix and Route Planning APIs
Join on Hopin
Jose Jose Rojas Ealo
Jose Jose Rojas Ealo
TomTom, Developer Advocate TomTom Maps APIs

Since the explosion in the on-demand services around the world, the search for the best ETA provider is on!
Usually the TomTom Routing APIs would be used to plan and create routes for diverse vehicles and lots of restrictions, but with the Matrix Routing APIs to collect the distances and times for several locations, the product team thought that was enough to serve the industry, since we will always pair it with the Routing APIs.
Some months later we get feedback that clients were over using the API and making too many unnecessary calls to the backend, so we added a new end point for this specific use-case: the Waypoint Optimization,
This is the API design story from our developers and clients. 

- PDT
[#VIRTUAL] OPEN TALK (API): Document & Messaging Integration
Join on Hopin
Philip Gyuling
Philip Gyuling
Compart, Head of Product Portfolio

Compart focuses on one goal: making our customers' handling of data, documents, and customer communications reliable and convenient. Viewing, Converting, Extraction, Composing, Comparing, Delivering, Validation & Workflow capabilities on demand via API.

We strongly believe in the idea of packaged business capabilities that allow our customers to tailor our document and communication solutions to their needs and enable them to create interconnected systems. In other words, simply hook up applications such as an existing CRM, ERP or ECM system to Compart DocBridge, and you will be communicating with your customers in top quality, via the right channels, at the right time.

How do we achieve this? Through our strong commitment to open, well documented APIs and a flexible, low code process-modeling tool. Technically, you’ll be building customer communication workflows in our web interface that are instantly available as a RESTful service, or subscribing to an Apache Kafka topic or a message queue, or all of the above. If for some reason we don’t cover your specific scenario out of the box, you can enhance it by tapping into the limitless NodeJS repository or just connecting to another API.

In our presentation, we’ll walk you through our unique approach, let you take a look at our product and discuss how DocBridge can be a fit for your business, including various integration options. 

- PDT
[#VIRTUAL] OPEN TALK (API): Of Graphql, API Gateways, and Surgical Monolithectomy
Join on Hopin
Francois Lascelles
Francois Lascelles
Layer7, Distinguished Engineer

GraphQL’s popularity is rising. Its entry in the enterprise landscape occurs at a time where monoliths - creatures whose genesis dates back decades - are growing beyond their optimal mass. This presentation will discuss
- how the adoption of GraphQL as a protocol is affecting the capabilities required by API infrastructure;
- the security implications of choosing GraphQL vs REST;
- our journey, lessons learned in integrating GraphQL into our solution;
- the DX implications of choosing GraphQL vs REST;
- and how GraphQL helps us perform delicate surgical intervention on legacy systems. 

- PDT
[#VIRTUAL] OPEN TALK (API): Identity Is Key to Secure APIs and Microservices
Join on Hopin
Jonas Iggbom
Jonas Iggbom
Curity, Director of Sales Engineering

“Never Trust, Always Verify” is the short phrase minted by NIST in defining Zero Trust. With that in mind, understanding the user identity is an absolute requirement and should be applied when securing all APIs, for internal use cases, in the same way as external ones. Leveraging OAuth and OpenID Connect (OIDC) in a token-based architecture aligns perfectly with achieving Zero Trust, regardless of the level of security needed.

In this talk participants will learn:
- How to leverage mTLS and certificate-bound tokens to level up API security
- Architectural patterns that prevent Personal Identifiable Information (PII) in public applications
- How Scopes and Claims are used to authorize API access 

- PDT
[#VIRTUAL] OPEN TALK (API): You're Building Microservices Wrong
Join on Hopin
Jonathan Oliver
Jonathan Oliver
Smarty, Founder, CEO & CTO

In this presentation we will cover how microservices are typically implemented by ignoring The Fallacies of Distributed Computing. Further, we discuss solutions to make microservices much more robust and able to adapt to the realities of distributed systems. 

- PDT
[#VIRTUAL] OPEN TALK (API): Bring your .NET APIs to AWS
Join on Hopin
Isaac Levin
Isaac Levin
Amazon Web Services, .NET Developer Advocate

APIs are the backbone of many services we all know and love, and when it comes to hosting those APIs, AWS is a great option. When building APIs with .NET on AWS, there are a plentiful amount of options, ranging from the tried-and-true Web API running on Elastic Beanstalk to running highly scalable event driven functions with AWS Lambda. Let us spend some time during this session talking about building APIs on .NET and running them in AWS.

- PDT
[#VIRTUAL] OPEN TALK (API): Enabling Untapped Use Cases - Edge, Memory-Constrained, and Server-Side
Join on Hopin
David vonThenen
David vonThenen
Symbl.ai, Principal Developer Advocate

Many use cases we see today for processing natural language happen in a handful of languages. The prominent ones are Javascript, Python, and Swift/Java (with some Kotlin). Why? Javascript because it naturally integrates with Communication Platforms as a Service. Python because it's foundational in many Machine Learning and Artificial Intelligence projects. Finally, Swift/Java because there are more mobile devices than anything else.

This conference is about APIs, but an integral and equally important topic is how we interact with those APIs. I'm talking about Software Development Kits (SDK), which are essential projects that consume APIs and become helpful abstractions that enable developers to build quickly.

This talk is about doing or, more specifically, not doing what's expected. It's about doing something different. The focus of this talk is that providing an SDK in an atypical language within a given ecosystem will allow users to build projects and applications in untapped neighboring communities. 

- PDT
[#VIRTUAL] OPEN TALK (API): Proxies, Gateways, and Meshes: Cloud Connectivity Pattern for the Curious
Join on Hopin
Viktor Gamov
Viktor Gamov
Kong, Developer Advocate

API gateway technology has evolved a lot in the past decade, capturing more prominent and comprehensive use cases in what the industry calls “full lifecycle API management.”
API gateways were a management of the network runtime that allows us to expose and consume the APIs, secure them, and govern our API traffic. They provide a series of functionalities to support the development cycle, including creating, testing, documentation, monitoring, and overall exposure of our APIs.
Then around 2017, another pattern emerged from the industry: service mesh! Service mesh is an infrastructure layer for microservices communication. It abstracts the underlying network details and provides discovery, routing, and a variety of other functionality.
In this talk, Viktor Gamov will illustrate the differences between API gateways and service mesh — and when to use one or the other pragmatically.
This talk will also discuss the similarities and differences between the communication layer provided by gateways and service mesh. 

- PDT
[#VIRTUAL] OPEN TALK (API): Getting to Cloud-Native
Join on Hopin
Timo Stark
Timo Stark
NGINX, Developer Advocate

With surprisingly few exceptions, cloud-native apps are not created, but migrated.
Taking our existing apps from monolith goes through stages including refactoring and re-architecting.
But how do you get there without total disruption?
Nginx Unit, an open source universal web app server, makes it approachable to move as needed.
By hosting the “old” API stack during lift and shift operations, Unit keeps the production apps running.
And since Unit supports broader needs of languages and control (even security), it provides an easier and controlled method of moving to a “new” API stack in our cloud-native adaptive applications.
Find out more about how Unit provides the universal web app server we need on our journey. 

- PDT
[#VIRTUAL] OPEN TALK (API): Is Your App Security Scalable?
Join on Hopin
Anthony Molzahn
Anthony Molzahn
Devii, CEO | Co-Founder

This discussion focuses on building durable, scalable access control systems for you and your clients’ database/app architectures. We will review three access control systems (Access Control Lists (ACLs), Role-Based Access Controls (RBAC), and Policy-Based Access Controls (PBAC (or ABAC))) and then, in a thought experiment, compare the development and maintenance effort of each when fulfilling the authorization requirements for one software app. The goal of this discussion is to offer you a system selection guide for your apps and present the case for why we chose PBAC for Devii. 

- PDT
[#VIRTUAL] OPEN TALK (API): Creating Profitable Revenue Streams with API Monetization and Analytics
Join on Hopin
Ram Kanumuri
Ram Kanumuri
Kellton, Vice President - Digital Technology Practice

In this talk, we’ll break down two areas of API strategy: API analytics and API monetization.

API analytics are valuable for multiple stakeholders, including product owners, customer success, marketing, and sales. We’ll examine how to get the right data to make informed decisions, outgrow competitors and scale your product.

We’ll also show how teams can use API insights to manage service levels, establish controls, set up security policies, and analyze trends. These analytics not only solve real-world business problems that have a significant impact on organizations, but also help establish a profitable monetization strategy.

A successful API monetization strategy centers around providing true value to paying consumers. API monetization models vary — from pay-as-you-go to monthly/annual billing to “bucket” purchases of API transactions to be consumed over time. We’ll discuss how to create monetizations to deliver high-quality, consistent value to your API users.

**TWO lucky audience members will WIN a PATAGONIA Refugio Daypack ($100 value each) at the end of this presentation! (will be shipped to them after the event) 

Thursday, November 3, 2022

- PDT
[#VIRTUAL] OPEN TALK (API): APIs: The Target of Multi-Mode Attacks
Join on Hopin
Bret Settle
Bret Settle
ThreatX, Co-Founder and Chief Strategy Officer

APIs are a two-edged sword: They expose business functionality and allow easy and powerful integration between back-end systems, but they also provide attackers with more attack surface, and through that, grant visibility into the back-end functions of an application.

As API use increases, so do security risks. Securing APIs against sophisticated, multi-mode attacks requires organizations to automatically detect attacker behavior and block in real-time. During this session ThreatX’s co-founder and Chief Strategy Officer, Bret Settle will walk step by step through the attack behavior being seen in multi-mode attacks and how those strategies are targeting APIs more than ever.

- PDT
[#VIRTUAL] OPEN TALK (API): The Evolution of API Security
Join on Hopin
Ivan Novikov
Ivan Novikov
Wallarm, Co-founder & CEO

We're seeing a rapid evolution in web application security tools – from WAFs to WAAPs to API Threat Protection. Legacy vendors are scrambling to catch up – moving from appliances to cloud, adding API threat detection capabilities to existing platforms, providing a myriad of capabilities that don't contribute to security or duplicate other capabilities that already exist in the security stack.

In a replay of the bad old days, security teams are often brought in late to the game (or after). The move to "shift left" is absolutely important, but not sufficient -- security teams also need the ability to "shield right" (just like we had to with physical endpoints).

API-specific security tools need to account for a wide swath of challenges:
- Different protocols (like REST, GraphQL, gRPC, etc.) – each presenting a different security challenge.
- A myriad of deployment options – it's not a single network anymore, but rather a multiverse.
- An open target – API are, by definition & design, open so the job of protecting them is much more difficult than before.
- Continuous attacks – making continuous detection and response critical to modern organizations in order to continue to innovate, compete, and better serve customers.
- Public-facing APIs are just the tip of the iceberg – as the recent Uber hack demonstrated, we're back to the days of "hard shell / gooey tasty insides" (which failed before), so API security must really bring the "zero-trust" to protect organizations. 

- PDT
[#VIRTUAL] OPEN TALK (API): Building an API Monetization Stack
Join on Hopin
Matt Tanner
Matt Tanner
Moesif, Head of Developer Relations

Have APIs that you want to use to build revenue? Currently experiencing headaches from existing monetized APIs? Regardless, chances are that you have API resources that others are willing to pay for. The toughest part? Figuring out how to build the right stack for seamless and easy API monetization. In this talk, we will discuss the components of a technology stack that are required when trying to monetize your APIs.

We will cover how to choose a billing provider, API management's role in monetization, and how to bring it all together in an end-to-end solution. By the end of this talk, listeners will have a better understanding of exactly what it takes to build a robust monetization solution for their APIs. 

- PDT
[#VIRTUAL] OPEN TALK (API): Expanding from Consumer to Enterprise with APIs: Learn, Build, Optimize
Join on Hopin
Dr. Aram Mkhitaryan
Dr. Aram Mkhitaryan
Picsart, VP, Product & Tech, API

Picsart built a 150M monthly creators strong consumer business with its app that offers hundreds of individual tools for fast editing. And now the company is exploring new territory with their new API program designed to make their most popular consumer creative tools available to enterprises and platforms via API. Learn how Picsart’s API team built a new revenue stream from existing tech but with a completely new business approach. 

- PDT
[#VIRTUAL] OPEN TALK (API): API Tools for the Stages, Not the Ages
Join on Hopin
Andrew Stiefel
Andrew Stiefel
NGINX, Product Marketing Manager

There is no one-size-fits-all approach to building API infrastructure, and what you need will change with the scale of your operations. So instead of buying a tool for the ages, learn how to select technologies based on where you are today in your API journey. Explore the stages of API modernization, implications for your API strategy, and considerations to ensure your technology will scale with you as you grow.

- PDT
[#VIRTUAL] OPEN TALK (API): Cautionary Tales - Real World Case Studies of API Blind Spots and Security Issues, and How to Avoid Them
Join on Hopin
Chuck Herrin
Chuck Herrin
WIB, CTO

While experience is the best teacher, tuition is high. In this session Wib’s CTO Chuck Herrin builds on our Filed Report session to take a deep dive into real world examples of API security issues in live environments, and how your team can take the lessons to benefit your organization. 

- PDT
[#VIRTUAL] OPEN TALK (API): A Guide to the Event-Native World of Open Standards: AsyncAPI, CloudEvents, and Shared Signals & Events
Linus Hakansson
Linus Hakansson
Gravitee, Vice President, Product

More and more, Event-Driven Architecture (EDA) is being adopted by organizations. While it unlocks new revenue streams and use cases, it also brings challenges around discovery, documentation, security, and standardization. 

In an Event-native API world, API products and consumers need to have the right tools, standards and specifications to address these challenges. In this session, we will dive into these standards and tools. 

Join this session to:

Learn about open standards and specifications such as CloudEvents, AsyncAPIs and Shared Signals & Events
Learn how these three standards and specs differentiate and work together. 
Explore a vendor-neutral use case that exemplifies these standards in an Event-native API Management context

Are Event Management & Streaming solutions and API Management solutions competing solutions? Or are they compliments?

Attend this session to hear our case for the two solutions as “friends,” and learn how you can implement a top-class API and Event Management strategy within your organization.


- PDT
[#VIRTUAL] OPEN TALK (API): Applying AI to API Testing across the Lifecycle
Join on Hopin
Swetha Sridharan
Swetha Sridharan
IBM API Connect, Product Manager

Time to market and ability to change rapidly while retaining high quality is a key business driver today. Come learn how API Developers can apply different testing approaches using AI at various points in the API lifecycle. Be more productive & improve quality faster than ever before! 

- PDT
[#VIRTUAL] OPEN TALK (API): Build with the Zoom Video SDK, Zoom’s Core Technology
Join on Hopin
Tommy Gaessler
Tommy Gaessler
Zoom, Lead Developer Advocate

Zoom has opened up its core technology for developers alike to build custom video, audio, screen share, and chat experiences. Learn how to use the Zoom Video SDK and witness just how simple, yet powerful it is.

- PDT
[#VIRTUAL] OPEN TALK (AI): Scaling AIaaS: from DALL-E to Uber
Join on Hopin
Daniel Siryakov
Daniel Siryakov
Comet, Senior Product Manager

As companies begin to embrace AI in key parts of their businesses, they want to explore and scale AI at minimal costs. However developing in-house AI-based solutions for every problem is a complex process and requires huge capital investment. The industry is now embracing AI as a service wherein third party tools can fill in the gaps. In this talk, Daniel will walk through the current landscape, trends, and technical challenges. He will also feature a few customer stories and a proposed modular solution to help your team jumpstart on this journey. 

- PDT
[#VIRTUAL] OPEN TALK (API): Creatives Are Not Robots: Letting APIs Automation Do That for You
Join on Hopin
Landon Giss
Landon Giss
Adobe, Senior Manager, Product Management Creative Cloud

Creatives Are Not Robots: Letting APIs and Automation Do That for You. Join the creativity transformation with Creative Cloud Automation Services


Accelerate content creation

Work faster and smarter by automating tedious tasks and setting up reusable workflows for repetitive design work.


Work how you want

Produce content tailored to your specific needs through your choice of Creative Cloud APIs.


Leverage Adobe’s cloud-based services

Access cloud-based APIs without having to open your desktop products to quickly deliver scalable, secure solutions.