Name: Ep. 16 BOPLA-Driven API Security: Enforcing Process-Level Authorization for Threat Mitigation
Start: 2025-05-27T15:00:00Z
End: 2025-05-27T15:00:11.000Z
Location: BrightTALK
Rating: 0

Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai’s cloud computing, security, and content delivery solutions.

In episode 15 of "If Your APIs Could Talk" episode, we'll explore the new Compliance Dashboard in Akamai API Security. This powerful feature helps organizations track how their APIs align with major compliance and security frameworks like OWASP, PCI DSS, GDPR, ISO-27001, and NIST – offering a clear view of compliant vs. non-compliant APIs, open findings, and audit readiness over time. We’ll also highlight how this builds on existing compliance capabilities in the solution, including posture finding and runtime incident mapping to common compliance and security frameworks. The session will include a walkthrough of the dashboard, a look at how compliance data is surfaced throughout the platform, and tips for streamlining audits and reducing risk in regulated environments.

Ep. 15 - Enhancing API Compliance: A Deep Dive into Akamai’s New Compliance Dashboard

Modern cyber threats are more sophisticated than ever, bypassing even the most advanced security defenses. Akamai HUNT takes security to the next level by leveraging real-time segmentation data, third-party integrations, and cutting-edge telemetry to uncover and neutralize hidden threats before they cause damage. With no additional agent rollout required, organizations can seamlessly enhance their security posture while avoiding alert fatigue and unnecessary operational burdens.

In this webinar, we’ll walk you through the power of Akamai HUNT, real-world success stories, and a live product demo showcasing how security teams can detect and respond to advanced threats in real time.

What You’ll Learn:
- Understanding Akamai HUNT – How it enhances Guardicore segmentation and integrates with OSquery for deep visibility.
- Real-World Threat Hunting Scenarios – Case studies showcasing how Akamai HUNT identified crypto-mining malware, admin credential leaks, and PowerShell abuse.
- Advanced Threat Detection & Incident Response – How Hunt’s detection engine minimizes false positives and prioritizes the most critical threats.
- Live Demo – See how Hunt visualizes threats, maps attack paths, and provides actionable remediation steps.
- Security Best Practices & Future Innovations – Insights into upcoming enhancements to segmentation rules and proactive threat prevention.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number in the 'Question' section.

Note: This is a re-run webinar (not live), but feel free to submit your questions—we’ll address them in follow-up emails.

Hunting the Most Evasive Cyber Threats With Akamai HUNT

Imagine an attacker effortlessly accessing sensitive user data—simply by modifying an API request. In Episode 14 of If Your APIs Could Talk, we dig deep into Broken Object Level Authorization (BOLA), the #1 API security risk in the OWASP API Security Top 10 (2023), allows just that. This webinar unpacks how BOLA attacks happen, from unauthorized data exposure to full account takeovers, and why traditional access controls often fail. 

You’ll learn how to detect and defend against these threats using robust authorization models, API security gateways, and real-world mitigation strategies. Join us to expose the risks lurking in your APIs before attackers do.

Ep. 14 - The Hidden Dangers of BOLA

As healthcare organizations accelerate their digital transformation, they face an evolving landscape of cyber threats, from DDoS attacks and ransomware to vulnerabilities in API security. With healthcare data, financial data and critical systems increasingly interconnected, the need for robust cybersecurity measures has never been greater. In this session, we’ll explore key trends and best practices for leaders to safeguard and advance a secure and scalable healthcare ecosystem.

Optimizing Healthcare Cybersecurity: Threat Trends, DDoS Defense, and API Security

Modern applications are built on APIs, yet traditional application security approaches often overlook this critical attack surface. While application security focuses on code vulnerabilities, misconfigurations, and runtime protections, API security addresses the unique risks posed by API exposure, authentication, data access, and business logic abuse.

In this webinar, we'll break down the relationship between API Security and Application Security, highlighting where they overlap, how they differ, and why organizations must prioritize both to protect against modern threats. We'll also discuss how strengthening API security can help reduce key risks on your risk heatmap, making them less likely to occur and minimizing their potential impact.

Who should attend?
CISOs, CIOs, Security Architects, SOC teams, DevSecOps, and anyone responsible for securing applications and APIs in today's evolving threat landscape.

Join us to learn how API security helps reduce organizational risk, enabling security leaders to manage API threats effectively and align security efforts with business objectives.

Application Security ≠ API Security: Understanding the Differences & the Need for Both

To thrive, enterprises must become real-time businesses. According to an MIT | CISR study, companies excelling in ‘real-time-ness’ achieve 62% higher revenue growth and 97% higher profit margins.

Why Successful Enterprises Are Real-Time Businesses

Regulatory compliance is growing more complex, and financial institutions face increasing risks from limited visibility and vendor sprawl. A new commissioned study conducted by Forrester Consulting on behalf of Akamai highlights the challenges and solutions for mitigating compliance risks.

Join our fireside chat with an Akamai expert and guest from Forrester to explore key findings, the impact of limited visibility, vendor sprawl, and siloed departments, and strategies to strengthen compliance with regulations like DORA.

Key Takeaways:
- Insights from Akamai’s commissioned study conducted by Forrester
- How to reduce compliance risks and vendor sprawl
- Best practices for meeting global regulatory standards

Register now!

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number in the 'Question' section.

Improved Visibility Reduces Compliance Risk In Financial Services

In Episode 13 of If Your APIs Could Talk, we explore how Akamai and Apiiro are transforming API security through their powerful integration. By combining Akamai’s API Security with Apiiro’s application security posture management (ASPM) platform, this partnership delivers unmatched visibility and protection for APIs from code to runtime. 

Learn how this partnership enables organizations to discover API vulnerabilities, map them to their source code, and empower developers with actionable insights to remediate faster. Together, Akamai and Apiiro bridge the gap between security and development teams, reducing risk, accelerating resolution, and fostering secure innovation. Join us to see how this collaboration redefines comprehensive API security.

Ep. 13 - From Code to Runtime: Akamai and Apiiro partnership

The attack surface is not only getting wider, it’s also getting deeper. The year 2024 saw a vast swath of threats, including old threats that have become relevant again. With the expanded use of LLMs and APIs, we can expect those threats to continue into 2025 and beyond.

Join us for a webcast about our Defenders' Guide 2025, which includes practical, hands-on, and highly technical content based on real-life examples we saw at Akamai in 2024. We pulled together multiple specialists — real defenders, researchers, data scientists, and threat hunters — to collaborate on a well-rounded guide.

Overall topics include: 
- Risk management 
- Network architecture
- Host security
- Threat actor evolution

Register now to get a head start on your defenses for 2025.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing in the question section your ISC2 Member ID number.

Defenders' Guide 2025: How to Effectively Prepare for the Year Ahead

In this episode Tricia rejoins her special guest from Episode 15, Senior Security Researcher Sam Tinklenberg, who chats about new vulnerabilities, including cross-site scripting, why it is definitely not dead, and provides tips on how to secure against it.

SIG Download: Episode 16 - Valentine Weak Spots: Securing the Heart of Your Enterprise

Navigating the complex landscape of cloud solutions is a critical decision for businesses, one with far-reaching implications.
 
Join us for an event that dissects the advantages and considerations of hybrid, public, and private clouds. This EcoCast will convene top experts from leading cloud companies, who will show you how their tools, tips, and best practices can help you craft the perfect cloud strategy for your infrastructure.

Hybrid/Public/Private Clouds: Which Cloud Is Right for Your Infrastructure?

Protecting your critical applications with a Zero Trust Framework means securing your north-south and east-west traffic together. This isn't always easy - lack of visibility combined with complex infrastructures make it difficult to implement end-to-end segmentation. You need to be able to see the whole picture, ensuring your security policy seamlessly extends to your firewalls.

Join us for an exclusive webinar where you'll learn how Akamai and AlgoSec work together to solve these issues by delivering end-to-end visibility, automated policy enforcement, and streamlined operations.

In this webinar you'll learn how to:
• Gain actionable insight into workloads, servers, endpoints and application traffic across all networks whether they're in the cloud and on-prem.
• Simplify segmentation with dynamic policy creation and enforcement, reducing errors and boosting security efficiency.
• Automate workflows for a unified approach to managing complex, dynamic networks.

Stat tuned for the demo that starts 20min into the session.

Don't miss this chance to learn how to secure your critical applications with a simple, secure, and unified segmentation strategy!

Enhancing Zero Trust with Micro- and Macro- Segmentation

In this episode Tricia chats about authentication libraries with Akamai security researcher Sam Tinklenberg. Listen as they cover open source, SAML vulnerabilities, signature wrapping, and more.

SIG Download: Episode 15 - Into the Storm: 2025 Cyber Threats Uncovered

Uncover the transformative potential of cloud technology in driving business value and innovation. This enlightening EcoCast will explore how the cloud-powered enterprise is reshaping industries, accelerating growth, and enhancing competitiveness.
 
Because understanding how to leverage these platforms for optimal business value is essential, this event will explore the strategic advantages of cloud adoption, highlighting ways it can transform operations, drive innovation, and enhance efficiency. Industry experts will discuss effective approaches to cloud migration, managing hybrid environments, and optimizing costs while maintaining security and compliance. Gain a comprehensive view of the cloud's potential to enable growth and flexibility within your enterprise.

The Cloud-Powered Enterprise: Creating Business Value

As web applications and APIs have proliferated, they’ve become an attractive target. Akamai’s latest report reveals an increase of 49% in web attacks from Q1 2023 to Q1 2024. The report also provides detailed analyses of trends by industry and region, and a look at DDoS attacks with a DNS component. Access the report for the insights you need to effectively prioritize your security strategy and spending.

Digital Fortresses Under Siege: Threats to Modern Application Architectures

In this "If Your APIs Could Talk" episode, we'll explore the Traffic Audit feature of the Akamai API Security solution. We'll introduce participants to Traffic Audit's powerful capabilities, including recording, visualizing, and analyzing API traffic within their environment. Traffic Audit allows users to easily identify and manage the risk exposure of suspicious users and unusual API behaviors by recording data flows and creating custom audits based on specific criteria. With Traffic Audit, users gain valuable insights into API activity, such as forensic analysis for specific attacks, investigation of suspicious user behavior, and troubleshooting API configurations.

The webinar will provide a comprehensive overview of how Traffic Audit works, including how to create audits that capture and retain traffic according to predetermined filters and rules. Don't miss this opportunity to learn about the innovative capabilities of Traffic Audit and how it can enhance your API security.

Ep. 11 - Deep Dive into API Security Traffic Audit Capability

In this episode Tricia chats with Akamai security researcher Ori David. Their discussions cover process injection attacks, the Linux attack surface, and how to protect it, Don't miss these crucial insights into the latest cybersecurity threats!

SIG Download: Episode 14 - Fa-la-la-la-Linux: Process Injection Isn’t Just for Windows

Ep. 12 - Top Product Highlights from 2024

Ep. 10 – Workflow Automation Deep Dive

Ep. 9 - Akamai API Security Native Connector Deep Dive

Ep. 8 - Anatomy of an API Attack: Insights from a Real-Life Breach

Ep. 7 - Doubling Down on API Security

Ep. 6 - Monitor Right & Shift Left: Reshaping API security with Advanced Testing

Ep. 5 - Rise of AI Assisted API Attacks

Ep. 4 - A Year in the Life of an API: Chronicles of Security Evolution

Ep. 3 - The Importance of Data Tokenization Over Traditional Encryption

Ep. 2 - What Drives API Security Compliance

Ep. 1 - The Importance of Storing Data in Your API Security Strategy

If Your APIs Could Talk

APIs are a growing attack vector, exposing organizations to threats like unauthorized access, injection attacks, and abuse. Traditional access control models struggle to enforce business-specific authorization, leading to security gaps.

In episode 16 of If Your APIs Could Talk, we examine API3:2023, BOPLA (Business-Oriented Process-Level Authorization) as a solution for implementing fine-grained, context-aware access controls within APIs. We will cover key security challenges, real-world attack scenarios, and how BOPLA enforces dynamic policies to mitigate risks while maintaining performance and compliance.

Gain practical insights into integrating BOPLA with API gateways, designing scalable authorization frameworks, and applying policy-based access control that adapts to real-time business contexts. The session will also explore how BOPLA enhances security by leveraging attribute-based access control (ABAC), role-based access control (RBAC), and risk-aware authentication models. Additionally, we will discuss best practices for monitoring and auditing API access, ensuring regulatory compliance, and optimizing security without introducing latency.

Ep. 16 BOPLA-Driven API Security: Enforcing Process-Level Authorization for Threat Mitigation

API Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Ep. 16 BOPLA-Driven API Security: Enforcing Process-Level Authorization for Threat Mitigation

Presented by

About this talk

More from this channel