API-first architectures have had a significant impact on the application development landscape. They have enabled organizations to speed up application development, expose complex functionality easily, and improve collaboration with service providers and customers. In fact, many enterprises derive an increasing share of their revenue from APIs consumed by customers.
However, scalable security solutions for APIs remain notoriously elusive, even as DevSecOps teams face growing security demands. Enterprises therefore face a looming threat from under-protected APIs, a risk underscored by the OWASP Top 10 2017 update.
This talk will enumerate that risk, discuss the challenges, and explore solutions. First, we evaluate applications in the IoT, online retail and financial mobile spaces to highlight the complexity of managing both the technical and the business risk. Second, we examine the difficulty of securing these applications and why conventional web scanners don't work against APIs. Third, we present a scalable framework that automates API security testing. Fourth, we discuss how to integrate the framework into the SDLC. Finally, we discuss real-world results.
Attendees will walk away with:
+ A deeper understanding of the business and technical risks around APIs
+ A catalogue of real-world challenges, with the weaknesses of current security tooling highlighted
+ Scalable, practical approaches to securing APIs
Enterprise application development teams are actively searching for ways to deal with API security; this talk gives them concrete solutions for addressing the problem.