Wednesday, October 26, 2022
KEYNOTE (API): IBM -- Power Your Digital Business with a Comprehensive API Strategy: A Retailer’s Journey
API management is key to achieving digital transformation. Learn what's new with API management technologies and strategies and what's coming next. This session will include a fireside chat with a client about how they've achieved digital transformation with API management.
The adoption of an API-first development methodology can help your business extend your competitive edge and increase bottom-line revenues. At the same time, the lack of complete API visibility compounded by coding errors, misconfigurations, or loopholes can expose exploitable vulnerabilities. Using demonstratable examples from the OWASP API Security Top 10 list, Les Corriea, Global Head of Application Security at Estee Lauder will discuss the challenges they overcame in their API protection journey and their efforts to continually stay ahead of the ever-evolving API threat landscape. The presentation will include:
* Why API protection is on every CISO’s mind
* The role OWASP API Security Top 10 list of threats plays
* API protection best practices and recommendations
APIs occupy a unique spot in the technology world. They're a primary method for delivering on business initiatives – from modernization to customer experience.
However, challenges such as cloud security, API proliferation and lack of community engagement can slow progress and reduce the value of your APIs.
This interactive session will showcase real-world examples from your peers at companies building out unique and targeted solutions using APIs and microservices architectures. You’ll also discover the challenges and best practices they’ve encountered designing and building APIs, adopting cloud-native architectures and ensuring the proper level of security and governance.
**One lucky audience member will WIN A YETI COOLER ($350 value) at the end of this presentation! (To be shipped to them after API World.)
OPEN TALK (API): SurrealDB - Simplifying the Backend Tech Stack and Improving API Security Using a Multi-Model Cloud Database
With the exponential growth of data and devices, and the move to the cloud, there is a need to store, analyse, and query data in a multitude of different ways, from a host of different clients and devices - whilst at the same time ensuring that only the right user has access to the appropriate data.In this talk we will cover why and how a multi-model database platform can be used to reduce complexity and costs in the API layer and in the backend tech stack, by speeding up application development, while offering improved data security protection for all users.
KEYNOTE (API): Akamai -- API Security, Simply: How to Reduce Surface Area of API Risk with Automatic Discovery & Security
At Akamai, we observe trillions of API hits every day and analyze 300TB of attack data daily. This session will use some of these insights to discuss how to drive stronger DDoS and malicious input protections. Reduce surface area of API risk with automatic discovery and security — automatically and continuously analyze traffic to discover known, unknown, and changing APIs and provide recommendations to protect APIs from DDoS, injection, and credential stuffing attacks.
An API gateway is the storefront and doorway into your organization’s API offerings. In that sense, it needs to provide an effective way to showcase new APIs and help speed up time to market. But how do you ensure your API providers can continue to grow, while enabling clients to seamlessly adapt to your APIs?
Our talk focuses on Bloomberg’s journey of growing our API gateway to house hundreds of API projects that unlock financial data for clients across the global capital markets — both from an infrastructure and product perspective. OpenAPI specifications are at the heart of our strategies for onboarding teams with self-service tooling, our review process that ensures quality and consistency across all of our API products, and the interactive documentation we’ve built to increase client engagement.
Businesses increasingly expect their software to come with out-of-the-box integrations to the other products they use. Building and maintaining all of these integrations is messy work and diverts a lot of dev time from core product innovation. Embedded iPaaS has recently emerged as a new kind of integration platform specifically designed to solve SaaS companies' integration needs. This session will explore why embedded iPaaS is gaining traction and how it helps SaaS teams build native integrations faster, manage the complexities of configuration and deployment, and provide a self-serve integration UX.
The modern web “application” is really a conglomeration of interconnected APIs, microservices, web apps, frameworks, libraries, and serverless functions spread across multiple cloud and on-premise environments. Simply inventorying your APIs is not nearly enough to make them secure. In this talk, I'll review the five major components of an API security program. We’ll talk about detection, security testing, securing libraries, runtime protection, and access management. We will focus on automation and review the pros and cons of traditional scanning and perimeter tools as well as modern instrumentation-based security tools. You’ll leave with practical guidance on next steps for your API security program.
Events and asynchronous APIs are critical to modern application development and integration. However, API management solutions have not evolved to support the different communication patterns, security threats, and productization potential that asynchronous APIs and events bring with them. Instead of settling for "the old" API Management that leaves you locked down on just HTTP and REST API, the market has delivered a wholly new approach to managing asynchronous APIs and events: event-native API Management.
Attend this joint Solace and Gravitee session to learn:
How event-native API Management speeds up & expands modernization initiatives
How to securely expose event steams and API traffic
How to productize (and even monetize) events and asynchronous APIs
How to bring the productivity of evented systems and backends to synchronous systems and applications
The solution in a nutshell? A new kind of API Management that we call “Event-native.”
Join this discussion to learn more about what we mean by “Event-native” API Management and how you can successfully use API Management to ease and propel your organization's modernization initiatives.
Security organizations need to know 4 things when designing threat models to protect their firms - Assets, Actors, Interfaces, and Actions. In other words, "Who's doing what, to what, via what?". The rise of microservices and APIs is bringing tremendous advantages and value in terms of innovation and velocity, but across industries the security model is lagging behind, leaving broad areas and attack surfaces unmanaged and unmonitored. In addition, by exposing business logic directly, APIs provide a target for logic-based attacks, which rule-based defenses like WAFs and API Gateways can only partially protect. Join Wib's CTO and 20 year CISO Chuck Herrin for an overview of what Wib is finding in the field with real-world customers, as well as pragmatic steps to take to close these blind spots in your API ecosystem.
Thursday, October 27, 2022
Chime is the leading fintech unicorn in United States. We handle billions of transaction each day. Making sure our api is up and running is very critical to our customers. As a mobile only bank, our customer expect they should be able to access and spend their money at any time.
In this session, we will talk about how Chime use synthetic test to monitor the health of our APIs. Chime has REST APIs, Graphql APIs and real time communication API(based on web socket).
We use synthetic test to simulate many critical user workflow and run the test periodically. Synthetic test can monitor REST API and Graphql API out of box. For the real time api, we used AWS lambda to monitor the health and expose REST endpoint using AWS api gateway. Then we use synthetic test to monitor the REST endpoint. The synthetic monitor approves to be very effective in detect problems. The synthetic monitor turns out to be the first to detect many of our system outages.
OPEN TALK (API): PDF Signatures vs Web-Based Signatures: Building Workflows to Enhance your Security and Efficiency
The focus of this talk with be PDF document signatures and how they differ from web-based signatures. This talk will cover:
• What are the different types of eSignatures?
• Advantage of document-based vs web-based eSignatures.
• Digital signature security.
• Validations including LTV.
• Building workflows with document-based signatures.
• Using a PDF SDK to enhance the eSignature process.
OPEN TALK (API): How a Combined Shift-Left and Shield-Right Approach Delivers End-To-End API Security
Development and security teams know securing APIs is a critical task, yet companies are still debating the pros and cons of adopting a developer-first approach to protecting their APIs versus a more traditional shield-right security model. In this presentation, Isabelle examines the pros and cons of each approach, and shows through demonstrations how development and security teams can achieve the best of both approaches to achieve continuous API Security. Isabelle will show how developers can embed security as code in their APIs but also how security teams can maintain visibility and control via API micro-firewalls and existing SIEM services.
It's clear that API use is skyrocketing and there's no sign of a slow down. This growth is accompanied by a shift in API use - not just as connective tissue, but as products which impact customer experiences and even drive new revenue streams. These API products have powerful organizational benefits, but also introduce new business considerations - including API security, which is quickly becoming the battleground for business risk. Join this session to learn how organizations are leveraging API products to improve customer experiences while streamlining the process of maintaining stringent application security.
There is no one-size-fits-all approach to building API infrastructure, and what you need will change with the scale of your operations. So instead of buying a tool for the ages, learn how to select technologies based on where you are today in your API journey. Explore the stages of API modernization, implications for your API strategy, and considerations to ensure your technology will scale with you as you grow.
APIs are everywhere. From APIs for 150k+ SaaS apps to APIs for blockchain, IoT, AI, and everything in between. Companies may theoretically combine these APIs with current systems to quickly build intriguing new applications. It's important to figure out which tool you'll need to link your systems and data sources, as well as if you'll require an iPaaS or an APIM platform. This session will show how internal systems may be safely exposed as APIs, as well as how to expose your integration as APIs with only a few clicks rather than coding from scratch.
Kubernetes and Microservices are important technologies for developing and deploying applications. In this talk, we will describe how a multi-model database such as Oracle is embracing and extending Kubernetes to enable developers to build mission-critical applications on these technologies. We will also describe how to best leverage the capabilities of a multi-model database such as Oracle to implement popular microservices patterns (such as Event Sourcing, Transactional Outbox, Idempotent, etc.). This talk will cover both what is in the current database release as well as a sneak peek at what is coming soon.
The easiest APIs to use are the ones built for your use case. If your customers are all doing the same thing, and you're not adding new functionality very often, you can fine-tune your product to be perfect. The hardest APIs to use are those built for the wrong use case. If you're trying to get value from something that is designed from the ground-up for something else entirely, you're going to have a bad time. Is there a middle ground?
Microservices is a well-established pattern in service architecture, but the concept is not often applied to data and analytics. In Breaking Down the Monoloth, Ankit Patel will take us through Foursquare's decomposition of its location data and APIs, in building "location primitives'' that continue to support easy-to-use purpose-built APIs, but also allow rapid remixing and new use cases of the underlying components.
46 million Americans said they’d like to use cryptocurrencies to make retail purchases, and new APIs can help make that happen. Cryptocurrency platforms have come a long way in the last decade and new APIs are helping make crypto more accessible for the average person. Randy will discuss how flexible APIs help cryptocurrency platforms simplify how cryptocurrency holders make purchases, accelerating innovation in the space. He’ll share examples, such as how Coinbase created a customizable debit card that makes it easy for its users to spend from their crypto balances where Visa debit cards are accepted.
SHAP is a great tool to help developers and users understand black box models. To push it to the next level, we will show how to leverage on Dash, SHAP, gifs, and auto-encoders to generate interactive dashboards with animations and visual representations to understand how different AI models learn and change their minds while progressively trained with growing amounts of data.
Animations will help developers understand how frequently AI models tweak their population and local importance factors during training and how they compare across competing AI models, adding an extra layer to AI safety. Auto-encoders and LSTM will be used to generate 2-dimensional embedding representations of explainability paths at individual level, allowing developers to interactively detect algorithm decision making similarity across time and visually debug mislabeled AI predictions at each point in time.
We will show this application in the context of Chronic Kidney Disease prediction and broader Healthcare AI.
This session will touch on the evolution of Zoom, including how and why Zoom’s founder and CEO, Eric S. Yuan, decided to build Zoom. The session will include insights on how today, Zoom is more than meetings and how what started as a meetings app has quickly evolved into a comprehensive platform, including our Developer Tools. Touching on the Zoom Developer Platform, it will highlight how the platform enables developers, platform integrators, service providers, and customers to easily build apps and integrations that use Zoom’s video communication solutions or integrate Zoom’s core technology into their products and services. Then, we will discuss how Zoom is building flexible developer solutions, such as Zoom’s Meeting SDKs/APIs and Video SDKs/APIs that extend the value Zoom provides across more and more tasks, and in turn, increase the platform’s differentiation as the future of communications. To close the session, we will discuss the Zoom ISV Partner Program and the GTM approach that was launched to promote ISVs and leverage a full partner ecosystem for developers using the Zoom APIs/SDKs.