Name: API Security: A CISO's Perspective on API Risks
Start: 2022-03-17T19:00:00Z
End: 2022-03-17T19:00:47.000Z
Location: BrightTALK
Rating: 5

Dive into All Things API Security with Noname, the most powerful, complete, and easy-to-use API Security Platform that helps enterprises discover, analyze, remediate, and test all legacy and modern APIs. Easily resolve API vulnerabilities across the entire API estate.
Learn More About the Noname API Security Platform: NonameSecurity.com					

APIs are everywhere. Any business with a mobile app, modern web apps (SPAs), using the cloud, doing a digital transformation, integrating with business partners, running microservices or using kubernetes all have APIs. There's a good foundation of AppSec knowledge out there but API Security isn't exactly the same as AppSec. Additional complexity is part of the landscape with multiple competing API technologies like REST, gRPC and GraphQL plus stakeholders spread across multiple parts of the business. 

How do you make sense of the API Security landscape? 

This talk will cover the three fundamental areas to consider, the various chess pieces in play and the many ways those pieces can be put on your API chessboard. The goal is for you to leave knowing how to map out your API Security landscape and reach a state of solid API Security.

The 3 Pillars of API Security Success

With thousands of new apps spawning everyday, applications remain a preferred attack vector for cybercriminals. For that reason, security leaders are prioritizing application security initiatives and development teams are taking more ownership of security. But a holistic approach can’t be complete without special attention to API security.

In this webinar, Forrester Principal Analyst Sandy Carielli discusses her research findings, and why API security testing throughout the development lifecycle is imperative for application security.

Key takeaways:
- The most common attack vectors for external attacks
- Who is involved in application security, and how this is shifting
- Discover which industries are leading in API security adoption

Why Securing APIs is Critical to Application Security

Securing APIs continues to be a never-ending challenge for many organizations. Putting focus on the important security issues first is a great way to maximize your team’s efficiency. But what are the most important issues? It can vary depending on your organization. 

If you are not sure how to get started, the API security group at OWASP maintains a ranked list of the top API risks. It's a great resource, and while The OWASP API Security Top 10 list may not be applicable to all of your APIs, it's a good place to start.  
 
In this webinar, we will break down the OWASP API Security Top 10. We’ll cover what you need to know about each as well as actions you can take to ensure your APIs are adequately protected.

A Breakdown of the OWASP API Top 10 - What You Need to Know

The release of the most anticipated vulnerability research report in financial services and FinTech history is here. Alissa Knight unveils API vulnerabilities across the industry by hacking 55 apps throughout the financial industry. 

In this webinar, we'll cover key takeaways from this controversial research — plus, hear directly from Alissa what she learned from robbing banks.

A Hacker’s Perspective on Lessons Learned in Hacking 55 Banks

You’ve got an AppSec / Product Security program. You’re floating on a sea of software, trying to make sense of it.  You’re focused on getting the big things out of the way first: 

• Audit checks against the OWASP Top 10
• Devs have taken OWASP Top 10 training

There just might be land in sight... But there’s something you missed: The API Security Risks. 

Learn how to jump the API Security shark in this webinar.

Are you Safe from OWASP #11?

Nearly every modern application built today uses an API or is an API itself. The growth of APIs is increasing at an explosive rate or more that 60% YoY (DevOps Digest).  

According to Gartner, by 2021, 90% of web-enabled applications will have more attack surface area in exposed APIs than in the user interface (UI). Gartner also predicts that by 2022, API abuses will be the most-frequent cyber-attack vector.

Matt Tesauro, a 13-year project lead at the OWASP Foundation and leading DevSecOps and Security Automation advocate, will take you through why API Security is different from other traditional AppSec, who plays a role in securing APIs, and how to evaluate the state of your API Security. Matt will be joined by Mark Campbell, Sr. Director of Product Marketing at Noname Security. Mark will moderate this discussion.

Watch this webinar to learn:
• How API Security is different from the “normal” application security
• API Security Fundamentals
• Why API Security is hard but new tools are out there 
• Who needs to be involved in your API Security strategy
• How to get started: A Getting Starting Checklist with 6 Steps to API Security

API Security 101: The Why, Who, and How to Secure this Top Attack Surface

With technological evolution, radical innovations, and rising customer expectations in the backdrop, adopting an API-first approach in the payments space has never been more critical! 

In this webinar, we will give you the lowdown on how APIs are disrupting digital payments innovation in 2021 and beyond. 

Most FIs and FinTechs believe that working with third parties will help them augment portfolios with ecosystem-based propositions. Join us to learn how key payment ecosystem players are tapping into partner APIs to build their own solutions and add new values for the end-user. In this webinar, industry experts will dive into: 

• How the FIs and FinTechs are adopting APIs as a more flexible and intuitive alternative 
• How APIs yield speed and flexibility for next-gen payment platforms 
• How to proactively address the security of APIs, detecting vulnerabilities and misconfigurations before they are exploited 
• Benefits of working with partners / third parties throughout the value chain

Speakers
• Soumya Johar, Director – Strategic Alliances & Partnerships at Opus Consulting Solutions
• Karl Mattson, Chief Information Security Officer at Noname Security
• Jordan Esbin, Head of API and Developer Experience Products at FIS
• Gunnar Stoa, Distinguished Solution Engineer at MuleSoft
• Tim Sloane, VP Payments Innovation at Mercator Advisory Group

APIs Driving the Next Wave of Payments Innovation

APIs are at the heart of Digital Transformation initiatives. APIs provide access to business technologies and ecosystems that are driving modern business innovation, yet APIs don’t always have adequate security controls. Protecting APIs requires a shift in strategy and operations that expands beyond just the IT Security team.

Join Karl Mattson, CISO of Noname Security, as he answers questions about why securing APIs has been so difficult. Karl will also cover additional topics including:

• How API Security is different from the “normal” application security
• Why gateways and WAFs only cover some of the API estate
• How to expose authentication flaws before a breach has occurred
• A walk through the API Security Journey

Watch the webinar recording to learn more.

API Security: A CISO's Perspective on API Risks

APIs

API Management

CISO

CISO forum

API Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

API Security: A CISO's Perspective on API Risks

Presented by

About this talk

More from this channel