Wednesday, November 2, 2022
[#VIRTUAL] KEYNOTE (API): IBM -- Power Your Digital Business with a Comprehensive API Strategy: A Retailer’s Journey
API management is key to achieving digital transformation. Learn what's new with API management technologies and strategies and what's coming next. This session will include a fireside chat with a client about how they've achieved digital transformation with API management.
[#VIRTUAL] KEYNOTE (API): Estée Lauder -- A Step-by-Step Journey to API Protection
Les Correia
Estée Lauder, Executive Director - Global Head of Application Security Enterprise Cybersecurity and RiskThe adoption of an API-first development methodology can help your business extend your competitive edge and increase bottom-line revenues. At the same time, the lack of complete API visibility compounded by coding errors, misconfigurations, or loopholes can expose exploitable vulnerabilities. Using demonstratable examples from the OWASP API Security Top 10 list, Les Corriea, Global Head of Application Security at Estee Lauder will discuss the challenges they overcame in their API protection journey and their efforts to continually stay ahead of the ever-evolving API threat landscape. The presentation will include:
* Why API protection is on every CISO’s mind
* The role OWASP API Security Top 10 list of threats plays
* API protection best practices and recommendations
[#VIRTUAL] OPEN TALK (API): How Businesses are Navigating the Perilous API Waters to Maximize Profit
APIs occupy a unique spot in the technology world. They're a primary method for delivering on business initiatives – from modernization to customer experience.
However, challenges such as cloud security, API proliferation and lack of community engagement can slow progress and reduce the value of your APIs.
This interactive session will showcase real-world examples from your peers at companies building out unique and targeted solutions using APIs and microservices architectures. You’ll also discover the challenges and best practices they’ve encountered designing and building APIs, adopting cloud-native architectures and ensuring the proper level of security and governance.
**One lucky audience member will WIN A YETI COOLER ($350 value) at the end of this presentation! (To be shipped to them after API World.)
[#VIRTUAL] OPEN TALK (API): The Right Data at the Right Time: Hyper-Personalized Real-Time Data at Internet Scale
As companies everywhere move to and create new applications in the cloud, the ability to deliver personalized real-time experiences is no longer a “nice-to-have” – it’s a competitive necessity for every digital service. However, with new experiences come new challenges, especially when handling high volume data for real-time delivery.
This talk will cover the ways in which traditional methods of data distribution must transition to innovative event-driven architectures, and we will walk through examples of how data wrangling-at-the-edge augments traditional stream processing to assure efficient delivery of hyper-personalized data at Internet scale.
[#VIRTUAL] KEYNOTE (API): Akamai -- API Security, Simply: How to Reduce Surface Area of API Risk with Automatic Discovery & Security
At Akamai, we observe trillions of API hits every day and analyze 300TB of attack data daily. This session will use some of these insights to discuss how to drive stronger DDoS and malicious input protections. Reduce surface area of API risk with automatic discovery and security — automatically and continuously analyze traffic to discover known, unknown, and changing APIs and provide recommendations to protect APIs from DDoS, injection, and credential stuffing attacks.
[#VIRTUAL] Empowering API Growth with Open API Specifications
An API gateway is the storefront and doorway into your organization’s API offerings. In that sense, it needs to provide an effective way to showcase new APIs and help speed up time to market. But how do you ensure your API providers can continue to grow, while enabling clients to seamlessly adapt to your APIs?Our talk focuses on Bloomberg’s journey of growing our API gateway to house hundreds of API projects that unlock financial data for clients across the global capital markets — both from an infrastructure and product perspective. OpenAPI specifications are at the heart of our strategies for onboarding teams with self-service tooling, our review process that ensures quality and consistency across all of our API products, and the interactive documentation we’ve built to increase client engagement.
[#VIRTUAL] OPEN TALK (API): Embedded iPaaS: What It Is and Why SaaS Teams Use It to Scale Native Integrations
Businesses increasingly expect their software to come with out-of-the-box integrations to the other products they use. Building and maintaining all of these integrations is messy work and diverts a lot of dev time from core product innovation. Embedded iPaaS has recently emerged as a new kind of integration platform specifically designed to solve SaaS companies' integration needs. This session will explore why embedded iPaaS is gaining traction and how it helps SaaS teams build native integrations faster, manage the complexities of configuration and deployment, and provide a self-serve integration UX.
[#VIRTUAL] PRO TALK (API): API Security Doesn’t Stop at Inventory
The modern web “application” is really a conglomeration of interconnected APIs, microservices, web apps, frameworks, libraries, and serverless functions spread across multiple cloud and on-premise environments. Simply inventorying your APIs is not nearly enough to make them secure. In this talk, I'll review the five major components of an API security program. We’ll talk about detection, security testing, securing libraries, runtime protection, and access management. We will focus on automation and review the pros and cons of traditional scanning and perimeter tools as well as modern instrumentation-based security tools. You’ll leave with practical guidance on next steps for your API security program.
[#VIRTUAL] KEYNOTE (API): Gravitee -- Out with the Old, in with the New: Event-Native API Management
Events and asynchronous APIs are critical to modern application development and integration. However, API management solutions have not evolved to support the different communication patterns, security threats, and productization potential that asynchronous APIs and events bring with them. Instead of settling for "the old" API Management that leaves you locked down on just HTTP and REST API, the market has delivered a wholly new approach to managing asynchronous APIs and events: event-native API Management.
Attend this joint Solace and Gravitee session to learn:
How event-native API Management speeds up & expands modernization initiatives
How to securely expose event steams and API traffic
How to productize (and even monetize) events and asynchronous APIs
How to bring the productivity of evented systems and backends to synchronous systems and applications
The solution in a nutshell? A new kind of API Management that we call “Event-native.”
Join this discussion to learn more about what we mean by “Event-native” API Management and how you can successfully use API Management to ease and propel your organization's modernization initiatives.
[#VIRTUAL] KEYNOTE (API): Wib Security -- When Adoption Outpaces Security - The Current State of API Security
Security organizations need to know 4 things when designing threat models to protect their firms - Assets, Actors, Interfaces, and Actions. In other words, "Who's doing what, to what, via what?". The rise of microservices and APIs is bringing tremendous advantages and value in terms of innovation and velocity, but across industries the security model is lagging behind, leaving broad areas and attack surfaces unmanaged and unmonitored. In addition, by exposing business logic directly, APIs provide a target for logic-based attacks, which rule-based defenses like WAFs and API Gateways can only partially protect. Join Wib's CTO and 20 year CISO Chuck Herrin for an overview of what Wib is finding in the field with real-world customers, as well as pragmatic steps to take to close these blind spots in your API ecosystem.
VIP Networking Afterparty w/ Featured Speakers: The State of the API Industry: The API-Native Landscape
Les Correia
Estée Lauder, Executive Director - Global Head of Application Security Enterprise Cybersecurity and Risk
Thursday, November 3, 2022
[#VIRTUAL] OPEN TALK (API): Monitor Health of API
Chime is the leading fintech unicorn in United States. We handle billions of transaction each day. Making sure our api is up and running is very critical to our customers. As a mobile only bank, our customer expect they should be able to access and spend their money at any time.In this session, we will talk about how Chime use synthetic test to monitor the health of our APIs. Chime has REST APIs, Graphql APIs and real time communication API(based on web socket).We use synthetic test to simulate many critical user workflow and run the test periodically. Synthetic test can monitor REST API and Graphql API out of box. For the real time api, we used AWS lambda to monitor the health and expose REST endpoint using AWS api gateway. Then we use synthetic test to monitor the REST endpoint. The synthetic monitor approves to be very effective in detect problems. The synthetic monitor turns out to be the first to detect many of our system outages.
[#VIRTUAL] OPEN TALK (API): PDF Signatures vs Web-Based Signatures: Building Workflows to Enhance your Security and Efficiency
The focus of this talk with be PDF document signatures and how they differ from web-based signatures. This talk will cover:
• What are the different types of eSignatures?
• Advantage of document-based vs web-based eSignatures.
• Digital signature security.
• Validations including LTV.
• Building workflows with document-based signatures.
• Using a PDF SDK to enhance the eSignature process.
[#VIRTUAL] OPEN TALK (API): How a Combined Shift-Left and Shield-Right Approach Delivers End-To-End API Security
Development and security teams know securing APIs is a critical task, yet companies are still debating the pros and cons of adopting a developer-first approach to protecting their APIs versus a more traditional shield-right security model. In this presentation, Isabelle examines the pros and cons of each approach, and shows through demonstrations how development and security teams can achieve the best of both approaches to achieve continuous API Security. Isabelle will show how developers can embed security as code in their APIs but also how security teams can maintain visibility and control via API micro-firewalls and existing SIEM services.
[#VIRTUAL] KEYNOTE (API): Google -- The Powerful Potential and Challenges of API Products
It's clear that API use is skyrocketing and there's no sign of a slow down. This growth is accompanied by a shift in API use - not just as connective tissue, but as products which impact customer experiences and even drive new revenue streams. These API products have powerful organizational benefits, but also introduce new business considerations - including API security, which is quickly becoming the battleground for business risk. Join this session to learn how organizations are leveraging API products to improve customer experiences while streamlining the process of maintaining stringent application security.
[#VIRTUAL] OPEN TALK (API): API Tools for the Stages, Not the Ages
There is no one-size-fits-all approach to building API infrastructure, and what you need will change with the scale of your operations. So instead of buying a tool for the ages, learn how to select technologies based on where you are today in your API journey. Explore the stages of API modernization, implications for your API strategy, and considerations to ensure your technology will scale with you as you grow.
[#VIRTUAL] KEYNOTE: Jitterbit - Using iPaaS to Drive Your API Connectivity Needs
APIs are everywhere. From APIs for 150k+ SaaS apps to APIs for blockchain, IoT, AI, and everything in between. Companies may theoretically combine these APIs with current systems to quickly build intriguing new applications. It's important to figure out which tool you'll need to link your systems and data sources, as well as if you'll require an iPaaS or an APIM platform. This session will show how internal systems may be safely exposed as APIs, as well as how to expose your integration as APIs with only a few clicks rather than coding from scratch.
[#VIRTUAL] OPEN TALK (API): Key Benefits of Modernizing Monolith Legacy Applications to Microservices With the Strangler Pattern
Transforming monolithic applications into microservices is a fundamental element for business modernization in order to innovate, scale and retain competitive positioning in the market. While modernization takes many forms, transforming monolithic applications into microservices is the most effective way to regain engineering velocity. In this session, Amir Rapson, CTO and co-founder of vFunction, will present how an AI assisted method that implements the Strangler Pattern to transform existing legacy monolithic applications into cloud-native microservices is used and how it benefits developers. This technical workshop will also include insights into how to determine components needed to run in parallel to existing monolithic code, the key factors for selecting components to refactor and critical elements to executing a successful app modernization strategy.
[#VIRTUAL] KEYNOTE (API): Oracle -- Kubernetes and Microservices with Multi-Model Databases
Kubernetes and Microservices are important technologies for developing and deploying applications. In this talk, we will describe how a multi-model database such as Oracle is embracing and extending Kubernetes to enable developers to build mission-critical applications on these technologies. We will also describe how to best leverage the capabilities of a multi-model database such as Oracle to implement popular microservices patterns (such as Event Sourcing, Transactional Outbox, Idempotent, etc.). This talk will cover both what is in the current database release as well as a sneak peek at what is coming soon.
[#VIRTUAL] KEYNOTE (API): Foursquare -- Breaking Down the Monolith
The easiest APIs to use are the ones built for your use case. If your customers are all doing the same thing, and you're not adding new functionality very often, you can fine-tune your product to be perfect. The hardest APIs to use are those built for the wrong use case. If you're trying to get value from something that is designed from the ground-up for something else entirely, you're going to have a bad time. Is there a middle ground?
Microservices is a well-established pattern in service architecture, but the concept is not often applied to data and analytics. In Breaking Down the Monoloth, Ankit Patel will take us through Foursquare's decomposition of its location data and APIs, in building "location primitives'' that continue to support easy-to-use purpose-built APIs, but also allow rapid remixing and new use cases of the underlying components.
[#VIRTUAL] OPEN TALK (API): The 12 facets of the OpenAPI Specification
We'll introduce how Cisco Engineering leverages OAS to drive API quality and state-of-the-art developer experience. We'll then describe OpenAPI best practices, tools and processes built internally and opensourced, as well as the benefits for Cisco partners and customers. Join this session to hear from the best practices and lessons learnt when standardizing on OAS for organizations with a massive internal and external facing APIs porfolio.
[#VIRTUAL] OPEN TALK (API): A Journey into Building a Powerful Developer Platform
This session will touch on the evolution of Zoom, including how and why Zoom’s founder and CEO, Eric S. Yuan, decided to build Zoom. The session will include insights on how today, Zoom is more than meetings and how what started as a meetings app has quickly evolved into a comprehensive platform, including our Developer Tools. Touching on the Zoom Developer Platform, it will highlight how the platform enables developers, platform integrators, service providers, and customers to easily build apps and integrations that use Zoom’s video communication solutions or integrate Zoom’s core technology into their products and services. Then, we will discuss how Zoom is building flexible developer solutions, such as Zoom’s Meeting SDKs/APIs and Video SDKs/APIs that extend the value Zoom provides across more and more tasks, and in turn, increase the platform’s differentiation as the future of communications. To close the session, we will discuss the Zoom ISV Partner Program and the GTM approach that was launched to promote ISVs and leverage a full partner ecosystem for developers using the Zoom APIs/SDKs.