Upgrade to Pro — share decks privately, control downloads, hide ads and more …

apidays Australia 2023 - 3 Simple Steps to Impr...

apidays
October 24, 2023

apidays Australia 2023 - 3 Simple Steps to Improve API Security, Carlos Rodriguez Iturria, foryouandyourcustom

apidays Australia 2023 - Platforms, Products, and People: The Power of APIs
October 11 & 12, 2023
https://www.apidays.global/australia/

3 Simple Steps to Improve API Security
Carlos Rodriguez Iturria, Principal Director and Practice Lead - Data Integration, API and Security at foryouandyourcustom

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays

October 24, 2023
Tweet

More Decks by apidays

Other Decks in Programming

Transcript

  1. foryouandyourcustomers.com Amsterdam Baar Essen Feldkirch Frankfurt Melbourne Munich Sofia St

    Pölten Stuttgart Sydney Uster Vienna Zurich We, at foryouandyourcustomers can help you explore and maximise the use of your APIs to be effectively secured, governed and designed for reusability and consumption. May 2023 Carlos R Iturria Practice Director
  2. “A bird sitting on a tree is never afraid of

    the branch breaking, because her trust is not on the branch but on its own wings” - Unknown
  3. foryouandyourcustomers.com The nature of today's API landscape creates a massive

    new attack surface, making it highly attractive to threat actors. APIs are everywhere API vulnerabilities are easy to exploit APIs are changing constantly * 2022 API Security Trends Report, 451 Research; 2022 State of the API Report, Postman; API Security Disconnect, 2022 200% 28% 76% developers say they deploy APIs into production once a week* growth of APIs per year* of organisations have had an API-related breach in the past year*
  4. 1 3 2 4 foryouandyourcustomers.com The pillars of API security

    are essential for understanding and categorising the various risks associated with APIs. Known vulnerabilities Hackers exploit known vulnerabilities that haven't been patched. 5 Rogue, zombie, and shadow APls Unmanaged APIs leave operations vulnerable. (What you don't know CAN hurt you.) External exposures Credentials, keys, and other exposures may exist outside your control. Operator errors Security misconfigurations in infrastructure and services create entry points that can be exploited. Undiscovered vulnerabilities and bugs No software can ever be 100% bug free. Cyber criminals seek to identify and exploit undiscovered vulnerabilities lurking in your APIs.
  5. foryouandyourcustomers.com Risk evaluation aims to reduce the financial impact of

    data breaches, cyber- attacks, and operational disruptions. Enterprise API Inventory • API asset inventory and Discovery • Schema Documentation • Change & Drift detection Post-mortem analysis • Ability to root cause analysis, identification of attacks, security postures, exposure discovery and remediation recommendations. Uncover API Vulnerabilities • Configuration control • Vulnerability management • Remediation prioritisation API Attack Management • Detection and prevention of attackers and suspicious behaviour in real-time. Penetration Testing • Secure APIs in dev as part of your CI/CD pipeline to stop vulnerabilities before production.
  6. foryouandyourcustomers.com Amsterdam Baar Essen Feldkirch Frankfurt Melbourne Munich Sofia St

    Pölten Stuttgart Sydney Uster Vienna Zurich Let’s chat about... API Security, Keto lifestyle, Calisthenics or Living on a Simulation… May 2023 Carlos R Iturria Practice Director