
apidays Australia 2023 - 3 Simple Steps to Improve API Security, Carlos Rodriguez Iturria, foryouandyourcustom


apidays Australia 2023 - Platforms, Products, and People: The Power of APIs
October 11 & 12, 2023
https://www.apidays.global/australia/

3 Simple Steps to Improve API Security
Carlos Rodriguez Iturria, Principal Director and Practice Lead - Data Integration, API and Security at foryouandyourcustom


apidays

October 24, 2023


Transcript

  1. foryouandyourcustomers.com (Amsterdam, Baar, Essen, Feldkirch, Frankfurt, Melbourne, Munich, Sofia, St Pölten, Stuttgart, Sydney, Uster, Vienna, Zurich)

    We, at foryouandyourcustomers, can help you explore and maximise the use of your APIs to be effectively secured, governed and designed for reusability and consumption.

    May 2023. Carlos R Iturria, Practice Director
  2. “A bird sitting on a tree is never afraid of the branch breaking, because her trust is not on the branch but on its own wings” - Unknown
  3. The nature of today's API landscape creates a massive new attack surface, making it highly attractive to threat actors.

    • APIs are everywhere
    • API vulnerabilities are easy to exploit
    • APIs are changing constantly

    • 200% growth of APIs per year*
    • 28% of developers say they deploy APIs into production once a week*
    • 76% of organisations have had an API-related breach in the past year*

    * 2022 API Security Trends Report, 451 Research; 2022 State of the API Report, Postman; API Security Disconnect, 2022
  4. The pillars of API security are essential for understanding and categorising the various risks associated with APIs.

    • Known vulnerabilities: Hackers exploit known vulnerabilities that haven't been patched.
    • Rogue, zombie, and shadow APIs: Unmanaged APIs leave operations vulnerable. (What you don't know CAN hurt you.)
    • External exposures: Credentials, keys, and other exposures may exist outside your control.
    • Operator errors: Security misconfigurations in infrastructure and services create entry points that can be exploited.
    • Undiscovered vulnerabilities and bugs: No software can ever be 100% bug free. Cyber criminals seek to identify and exploit undiscovered vulnerabilities lurking in your APIs.
  5. Risk evaluation aims to reduce the financial impact of data breaches, cyber-attacks, and operational disruptions.

    Enterprise API Inventory
    • API asset inventory and discovery
    • Schema documentation
    • Change & drift detection

    Post-mortem analysis
    • Root cause analysis, identification of attacks, security postures, exposure discovery and remediation recommendations.

    Uncover API Vulnerabilities
    • Configuration control
    • Vulnerability management
    • Remediation prioritisation

    API Attack Management
    • Detection and prevention of attackers and suspicious behaviour in real time.

    Penetration Testing
    • Secure APIs in dev as part of your CI/CD pipeline to stop vulnerabilities before production.
  6. Let’s chat about... API Security, Keto lifestyle, Calisthenics or Living on a Simulation…