Upgrade to Pro — share decks privately, control downloads, hide ads and more …

INTERFACE by apidays 2023 - API Security & Ecos...

apidays
PRO
July 11, 2023
Programming
0
14

INTERFACE by apidays 2023 - API Security & Ecosystem Trust, Jeremy Snyder, FireTail

INTERFACE by apidays 2023
APIs for a “Smart” economy. Embedding AI to deliver Smart APIs and turn into an exponential organization
June 28 & 29, 2023

API Security & Ecosystem Trust: Protecting the Keys to Your Kingdom
Jeremy Snyder, Founder and CEO at FireTail

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays
PRO

July 11, 2023
Tweet

More Decks by apidays

See All by apidays
Apidays Helsinki 2024 - From Chaos to Calm- Navigating Emerging API Security Challenges by Eli Arkush, Akamai
apidays
PRO
0
26
Apidays Helsinki 2024 - APIs ahoy, the case of Customer Booking APIs in Finnlines and Grimaldi Lines by Vesa Vähämaa, Finnlines
apidays
PRO
0
24
Apidays Helsinki 2024 - ABLOY goes API economy – Transformation story by Hanna Sillanpaa, Abloy
apidays
PRO
0
17
Apidays Helsinki 2024 - API Compliance by Design by Marjukka Niinioja, Osaango
apidays
PRO
0
27
Apidays Helsinki 2024 - Bridging the Gap Between Backend and Frontend API Testing with K6 by Ayush Goyal, Grafana Labs
apidays
PRO
0
16
Apidays Helsinki 2024 - Data Ecosystems Driving the Green Transition by Olli Kilpeläinen, Betolar
apidays
PRO
0
13
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovský, Thermo Fisher Scientific
apidays
PRO
0
28
Apidays Helsinki 2024 - Data, API’s and Banks, with AI on top by Sergio Giraldo, ING
apidays
PRO
0
25
Apidays Helsinki 2024 - Sustainable IT and API Performance - How to Bring Them Together by Merja Kajava, Aavista Oy
apidays
PRO
0
13

Other Decks in Programming

See All in Programming
watsonx.ai Dojo #2 生成AIを使ったアプリ開発入門編
oniak3ibm
PRO
0
230
Jakarta EE meets AI
ivargrimstad
0
390
私のEbitengineの第一歩
qt_luigi
0
450
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
0
120
Amazon BedrockでサーバレスなAIお料理ボットを作成する!!
tosuri13
0
230
オートマトン学習しろ / Do automata learning
makenowjust
3
130
GenU導入でCDKに初挑戦し、悪戦苦闘した話
hideg
0
170
GraphQLとGigaViewer for Apps
numeroanddev
2
110
rails_girls_is_my_gate_to_join_the_ruby_commuinty
maimux2x
0
200
メモリ最適化を究める!iOSアプリ開発における5つの重要なポイント
yhirakawa333
0
420
Architecture Decision Record (ADR)
nearme_tech
PRO
1
690
意外とフォントが大事だった話 / Font Issues on Internationalization
fumi23
0
110

Featured

See All Featured
Rebuilding a faster, lazier Slack
samanthasiow
78
8.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
32k
Music & Morning Musume
bryan
46
6k
Practical Orchestrator
shlominoach
185
10k
The Pragmatic Product Professional
lauravandoore
31
6.2k
Git: the NoSQL Database
bkeepers
PRO
425
64k
Automating Front-end Workflow
addyosmani
1365
200k
Into the Great Unknown - MozCon
thekraken
29
1.4k
Why Our Code Smells
bkeepers
PRO
334
56k
Art, The Web, and Tiny UX
lynnandtonic
294
20k
Optimising Largest Contentful Paint
csswizardry
31
2.8k
Infographics Made Easy
chrislema
239
18k

Transcript

  1. API Days Interface| June 2023 | Jeremy Snyder

  2. API Security & Ecosystem Trust: Protecting the Keys to Your

    Kingdom…

  3. …and how to lose trust

  4. About me. CEO & Founder at FireTail. 20+ years in

    cybersecurity. 5 human languages. Once went 5 days without seeing another human, but saw lots of reindeer. - Former: AWS, DivvyCloud, Rapid7, TRADOS, others. - UNC BA, GMU MBA, Aalto. - Cofounded FireTail Feb 2022. - [email protected] | @halffinn.

  5. How are APIs an ecosystem construct?

  6. Image credit: FireTail Inc, Shutterstock

  7. The Amazon Flywheel Image credit: Amazon

  8. 83% of Internet traffic is API calls. We are on

    track to having 1T APIs. Sources: Akamai, Dell Capital

  9. Ecosystem trust…

  10. Core pillars. Digital trust. Security Privacy Reliability Transparency Image credit:

    SoftCircles

  11. What’s the fastest way to destroy your API ecosystem? Lose

    trust.

  12. Step 1 - Reddit. - Change of API usage policy.

    - June 2023. - 1B+ records. - Web & mobile app. - Free -> paid. - No community input. - Company ignoring feedback. - Peloton. - Breach (proven). - May 2021. - 3M records. - IoT backend. - Easy-to-guess IDs. - Sequential numbering. - BOLA. - Schneider Electric. - Breach. - June 2023. - ??M records. - IoT app. - Weak configuration. - Single credentials. - Clear text. API actions that erode trust. https://www.firetail.io/api-data-breach-tracker

  13. Step 1 - Reddit. - Change of API usage policy.

    - June 2023. - 1B+ records. - Web & mobile app. - Free -> paid. - No community input. - Company ignoring feedback. - Peloton. - Breach (proven). - May 2021. - 3M records. - IoT backend. - Easy-to-guess IDs. - Sequential numbering. - BOLA. - Schneider Electric. - Breach. - June 2023. - ??M records. - IoT app. - Weak configuration. - Single credentials. - Clear text. API actions that erode trust. https://www.firetail.io/api-data-breach-tracker

  14. Step 1 - Reddit. - Change of API usage policy.

    - June 2023. - 1B+ records. - Web & mobile app. - Free -> paid. - No community input. - Company ignoring feedback. - Peloton. - Breach (proven). - May 2021. - 3M records. - IoT backend. - Easy-to-guess IDs. - Sequential numbering. - BOLA. - Schneider Electric. - Breach. - June 2023. - ??M records. - IoT app. - Weak configuration. - Single credentials. - Clear text. API actions that erode trust. https://www.firetail.io/api-data-breach-tracker

  15. API ecosystem strategy!

  16. Digital trust. Communication. Security Privacy Reliability Transparency Versioning Connections Integrations

  17. API security strategy!

  18. Perimeter Image credit: Wikimedia Commons

  19. Agents Image credit: Warner Bros

  20. Monitoring Image credit: Shutterstock

  21. https://www.firetail.io/api-security-report-2023

  22. API security to maintain ecosystem trust. Beginning API security is

    built on many core security first principles. - Maintain visibility. - Keep the right perimeter. - Least privilege. - Good encryption & credential handling. Advanced API security requires going much deeper. - App-level authentication. - App-level authorization. - Proper data handling. - Centralized audit trail.

  23. Report. Get the report. Learn about the data breaches around

    API Security, and how they impact digital ecosystems. https://tinyurl.com/firetail-api-report The State of API Security 2023

  24. Launch. Get started. Get free access to the FireTail API

    Security platform. Or download our open-source libraries at https://github.com/firetail-io https://firetail.app Protect your APIs with FireTail

  25. Thanks