APIs, the Universe, and Everything

Cloud-native application security means balancing contradictory requirements: using cloud services to accelerate development while handling security in an adverse environment with more attack surfaces and more opportunities for data breaches. Today, tools exist that focus specifically on the security and vulnerability posture of cloud workloads. They identify container and configuration vulnerabilities and enforce policies to protect workloads that are operating with such vulnerabilities.

Unfortunately, many security tools do not address the vulnerabilities of APIs. Cloud-native applications expose many internal API services, and developers are increasingly using external API services for their applications. Both internal and external API use exposes the workload to new vulnerabilities; put more strongly, workload security and API security are really two sides of the same coin. This talk focuses specifically on the security problems and vulnerabilities exposed through APIs. Questions we address include:

· What does a developer know about a service before using it?
· Does a poorly defined interface expose API service vulnerabilities?
· Does the service perform well to begin with?
· How does the developer get/maintain an access token?
· Do API specs show critical use cases and dependencies?
· Can the security impact of an external API service be estimated and managed?
· Do the APIs violate the OWASP API top 10?
· How can we test against the OWASP API top 10?
· Can PII be shared with such services?

We show how SecureCN addresses both sides of the security coin: container workload and API security in one tool, and we present actual issues with a live demonstration of SecureCN.
