20 years ago Bill Gates spent a weekend reading the book “Writing Secure Code”, the then 477-page manuscript by Michael Howard and David LeBlanc, themselves Microsoft security engineering leaders, warned about the perils of security issues arising from bad coding hygiene. The result was a memo published on January 15, 2002 called “Trustworthy Computing” wherein Bill Gates mandated Microsoft should prioritize security over adding new features to their software. Now some 20 years later our attack surface has drastically increased and strategies like Open Banking are incentivising the close inspection of API vulnerabilities by unwanted entities.

In this session we will focus on API security by looking at 3 main pillars:

• API Posture Management to de-risk your API services.
• Runtime Security and inferring normal vs unwanted behaviour.
• Shifting-Left by bringing automated API security testing to your pre-production environment.

We will do this through the lens of the OWASP API Security Top 10 and research findings by Alissa Knight, recovering hacker and partner at Knight Ink.