APIs, the Universe, and Everything

Session
Wednesday, April 6 2022
15:30 - 16:15

Cloud-native application security involves balancing contradictory requirements: using cloud services to accelerate development while handling security in an adverse environment with more attack surfaces and more opportunities for data breaches. Today, tools exist that focus specifically on the security and vulnerability posture of cloud workloads. They identify container and configuration vulnerabilities and enact enforcement policies to protect workloads that are operating with such vulnerabilities.

Unfortunately, many security tools do not address the vulnerabilities of APIs. Cloud-native applications expose many internal API services, and developers are increasingly using external API services for their applications. Both internal and external API use exposes the workload to new vulnerabilities; indeed, workload security and API security are two sides of the same coin. This talk focuses specifically on the security problems and vulnerabilities exposed through APIs. Questions we address include:

· What does a developer know about a service before using it?
· Does a poorly defined interface expose API service vulnerabilities?
· Does the service perform well to begin with?
· How does the developer get/maintain an access token?
· Do API specs show critical use cases and dependencies?
· Can the security impact of an external API service be estimated and managed?
· Do the APIs violate the OWASP API top 10?
· How can we test against the OWASP API top 10?
· Can PII be shared with such services?

We show how SecureCN addresses both sides of the security coin: container workload and API security in one tool, and we present actual issues with a live demonstration of SecureCN.

This session belongs to the The Hague program.
