APIs have transformed our digital world by connecting data, processes and people. There are thousands of APIs publicly available for creating innovative applications dealing with public services, health sciences, social media and many others. APIs offer great benefits, but they come with security and legal risks. Unfortunately, there are no repositories that provide security/legal assessments on these publicly available APIs. Existing repositories such as ProgrammableWeb, API.io, RapidAPI.com, APIs.guru and others are best at providing API endpoints, categories and other information, which are not sufficient to address the security and legal concerns.

In this presentation, I will talk about recent API security attacks and common mistakes that are being made in APIdesign. I’ll give an overview of OWASP top-10 API security risks and how to identify them using various Open Source security tools. I will also talk about legal risks that should be avoided while using Open APIs. Overall, audience will learn about how to: (1) take advantage of the myriad of public APIs; (2) accelerate product development; (3) meet compliance regulations; (4) reduce security/legal/operational risks to make data-driven applications more INNOVATIVE (through Open APIs) yet SECURE (from cyber-attacks) and COMPLIANT (with GDPR, EU-US Privacy Shield, and other regulations).