Harnessing the Speed of Innovation
Jyoti Bansal, Co-Founder and CEO, Traceable (jyoti@traceable.ai)
Agenda
▪ Introduction
▪ The evolution of modern app development
▪ How to solve for complex API challenges
▪ Securing APIs in the new world
▪ What the future holds
Software Code and APIs are Everywhere
Chart (2010 to 2030): number of developers, 25 million vs 45 million; number of APIs, growing from under 1 million and under 10 million to 100 million and 1.2 billion.
2.8 trillion lines of code have been written in the past 20 years.
APIs Connect Everyone and Everything
"IDC predicts by 2022, 90% of new enterprise applications worldwide will be developed as cloud-native, using agile methodologies and API-driven architectures that leverage microservices, containers, and serverless functions." (IDC FutureScape: Worldwide Cloud 2020 Predictions, Doc # US44640719, October 2019)
Diagram: API at the centre, connecting Cloud Services, Healthcare, Mobile Services, Real Estate, E-commerce, Government, Education, Crypto, Financial Services, Insurance, Media/Entertainment and Hi-Tech.
Growing API Security Crisis
91% of organizations had an API security incident last year (Security Magazine, Feb 2021).
▪ Data Breaches & Exfiltration
▪ Business Fraud
▪ Sensitive Data Exposure
▪ Customer & Employee Privacy Violations
▪ Regulatory Fines
▪ Intellectual Property Theft
Business Fraud via API
Coinbase: a missing logic validation check in a retail brokerage API endpoint allowed an attacker to make unlimited cryptocurrency trades between different currency accounts. Attackers could initiate orders and trade cryptocurrency they did not have by modifying the API; the Coinbase validation logic did not verify the source account properly, and processed the trade normally.
Apple iCloud: rate-limiting protection failed to work as designed. A hacker could take over Apple iCloud accounts by exploiting the password reset API endpoint of the "Forgot Password" function, which allowed the attacker to bypass 2-factor authentication, SMS verification and password validation rate limits.
APIs hijacked and modified.
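The Coinbase case above comes down to one absent server-side check: the endpoint trusted the source account named in the request instead of verifying that the authenticated caller owned it and held the balance. The following is an added example, not code from the deck or from Coinbase, of the validation a trade or transfer handler should perform before touching a ledger. The account ids, users, balances and the `execute_trade` / `attempt` function names are constructed for illustration; currency conversion is deliberately omitted so the check itself stays visible.

```python
# Added example (not from the deck): server-side validation of a trade request.
# Every value in the request body (source_id, dest_id, amount) is untrusted;
# `caller` comes from the authenticated session, never from the request.
from dataclasses import dataclass


@dataclass
class Account:
    account_id: str
    owner: str        # authenticated user who owns this account
    currency: str
    balance: float


class TradeError(Exception):
    """Raised when a request fails validation; nothing is moved."""


def fresh_ledger() -> dict:
    """Constructed ledger: two users, three accounts (illustrative values)."""
    return {
        "acc-alice-btc": Account("acc-alice-btc", "alice", "BTC", 2.0),
        "acc-alice-usd": Account("acc-alice-usd", "alice", "USD", 100.0),
        "acc-bob-usd": Account("acc-bob-usd", "bob", "USD", 5000.0),
    }


def execute_trade(caller: str, source_id: str, dest_id: str,
                  amount: float, ledger: dict) -> dict:
    """Move `amount` from source to dest on behalf of `caller`.

    Order of checks: input sanity, existence, object-level authorization
    (does the caller own the source?), then the business-logic check
    (does the source hold enough?). Only after all four does state change.
    """
    if amount <= 0:
        raise TradeError("amount must be positive")
    src = ledger.get(source_id)
    dst = ledger.get(dest_id)
    if src is None or dst is None:
        raise TradeError("unknown account")
    # Object-level authorization: the missing check in the case described.
    if src.owner != caller:
        raise TradeError("source account not owned by caller")
    # Business-logic validation: the caller can only trade what they hold.
    if src.balance < amount:
        raise TradeError("insufficient balance")
    src.balance -= amount
    dst.balance += amount
    return {"from": source_id, "to": dest_id, "amount": amount}


def attempt(caller: str, source_id: str, dest_id: str,
            amount: float, ledger: dict) -> str:
    """Run one request and report 'ok' or the rejection reason."""
    try:
        execute_trade(caller, source_id, dest_id, amount, ledger)
        return "ok"
    except TradeError as err:
        return str(err)


if __name__ == "__main__":
    ledger = fresh_ledger()
    # bob names alice's account as the source: rejected before any balance moves
    print(attempt("bob", "acc-alice-usd", "acc-bob-usd", 10.0, ledger))
    # alice trades more than she holds: rejected
    print(attempt("alice", "acc-alice-usd", "acc-bob-usd", 500.0, ledger))
    # a legitimate trade
    print(attempt("alice", "acc-alice-usd", "acc-bob-usd", 40.0, ledger))
```

The point of the ordering is that the ownership check runs on the server's own record of the account, not on anything the client sent, and that a rejected request leaves the ledger untouched.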
API Attacks Are Hard to Detect
▪ Mostly unknown threats
▪ Malicious usage of APIs for unauthorized activities
▪ Exploit your own code and business logic
Hard to detect and high signal-to-noise ratio; countless attack surfaces.
Business And Technical Challenge - Constant Change
▪ Ever-changing competitive landscape.
▪ Customer needs change frequently.
▪ Critical pivots: process, architecture, culture, engineering.
Business And Technical Challenge - Agile Distributed Dev Teams
▪ Smaller, autonomous teams.
▪ Shift from tightly coupled, monolithic systems to loosely coupled APIs.
▪ Higher ratio of dev to security.
Securing APIs in this new world…
You Can't Secure What You Can't See
Application Context:
▪ API activity: edge API calls, internal API calls, sequence of API calls
▪ User activity: identity, devices, roles & permissions
▪ Data flow: across a sequence of calls, between internal services, to external services
▪ Code execution: API parameters, request/response data, errors & latency
Example call sequence for a rider, spanning edge APIs, internal APIs and an external service: view locations, reserve car, process payment, send receipt.
Observability is the core foundation of application security.
Move Over Networks, CODE Is The Next Frontier Of Cyber Security
What the future holds…
01 Transformation journeys that integrate speed and innovation.
02 APIs will become the primary vector of attack.
03 Even more adoption of APIs as the primary method of delivering value.
Top Three Approaches Needed for API Security
Observability is Key
▪ Capture and correlate all transactions and data for all APIs and microservices (internal, external, shadow, orphaned, 3rd party)
▪ Comprehensive breadth and depth of data captured for application security & observability
Data Lake and Threat Hunting
▪ Store every data trace from all API and data transactions
▪ All data is explorable, searchable, and filterable
▪ Enables deep root cause analysis and threat hunting
Machine Learning Platform for Context
▪ Build full application context
▪ Understand user behavior across all activity and time, based on user attribution of every transaction
▪ Correlate all activities across sessions and time into user storylines
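The three approaches above rest on one mechanical step: attribute every API transaction to a user, stitch those transactions into a storyline across sessions, and then judge the storyline against the business flow the application expects (the rider sequence from the observability slide: view locations, reserve car, process payment, send receipt). The following is an added example, not code from the deck or from Traceable's platform, showing that correlation and a sequence check over constructed trace events. The event tuple layout, endpoint names, user ids and the `build_storylines` / `check_flow` / `analyze` function names are assumptions made for the example; a real pipeline would read the same fields from traces.

```python
# Added example (not from the deck): per-user API storylines and a
# business-flow check over them. All events below are constructed.
from collections import defaultdict

# Expected rider flow, in order, taken from the observability slide.
EXPECTED_FLOW = ["view_locations", "reserve_car", "process_payment", "send_receipt"]

# Constructed trace events: (timestamp, session_id, user_id, endpoint).
# user_id is None when the transaction could not be attributed to anyone.
EVENTS = [
    (1, "s1", "rider-1", "view_locations"),
    (2, "s1", "rider-1", "reserve_car"),
    (3, "s2", "rider-1", "process_payment"),   # same user, new session
    (4, "s2", "rider-1", "send_receipt"),
    (5, "s3", "rider-2", "view_locations"),
    (6, "s3", "rider-2", "process_payment"),   # paid without reserving
    (7, "s3", "rider-2", "send_receipt"),
    (8, "s4", None, "view_locations"),         # unattributed call
]


def build_storylines(events):
    """Group events by user across all sessions, ordered by time.

    Returns {user_id: [(timestamp, session_id, endpoint), ...]}.
    """
    by_user = defaultdict(list)
    for ts, session, user, endpoint in sorted(events, key=lambda e: e[0]):
        by_user[user].append((ts, session, endpoint))
    return dict(by_user)


def check_flow(storyline, expected=EXPECTED_FLOW):
    """Return endpoints that were reached before their prerequisite step.

    A step is allowed once the step immediately before it in `expected`
    has been seen anywhere earlier in the user's storyline, regardless of
    session, which is why correlation across sessions matters.
    """
    seen = set()
    violations = []
    for _, _, endpoint in storyline:
        if endpoint not in expected:
            continue
        idx = expected.index(endpoint)
        if idx > 0 and expected[idx - 1] not in seen:
            violations.append(endpoint)
        seen.add(endpoint)
    return violations


def analyze(events):
    """Build storylines and summarise each one for an analyst."""
    report = {}
    for user, story in build_storylines(events).items():
        if user is None:
            # Unattributed traffic is reported, not silently dropped.
            report[user] = {"unattributed_calls": len(story)}
            continue
        report[user] = {
            "sessions": sorted({session for _, session, _ in story}),
            "violations": check_flow(story),
        }
    return report


if __name__ == "__main__":
    for user, summary in analyze(EVENTS).items():
        print(user, summary)
```

rider-1's flow is complete even though it spans two sessions, so it produces no violation; rider-2 reached process_payment without a prior reserve_car, which is the kind of business-logic misuse the "hard to detect" slide describes and which no per-request signature would catch. The unattributed call is surfaced as a count so gaps in user attribution are visible rather than hidden.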
Culture and Collaboration is Key
01 Data transparency is the foundation of collaboration.
02 API security has to be part of development culture.
03 Continuous learning between API Development and Security teams.
Questions?
Thank you.
Jyoti Bansal, Co-Founder and CEO, Traceable (jyoti@traceable.ai)
2022 APIsecure_Harnessing the Speed of Innovation