About this session
APIs are transforming the way we build applications and deliver business value. Organisations can tap into new revenue streams by productizing their service capabilities through APIs. However, with the growing use of APIs also come new security risks. APIs represent gateways into our systems, and security vulnerabilities in our APIs can open organisations to different forms of attacks. In this talk, I’ll explain how API design affects security.
I’ll analyze a collection of vulnerable API design patterns. I’ll present real-world examples of vulnerable API designs and the type of attack vectors they expose. I’ll also explain how to address the vulnerabilities, both at design and at implementation time.
As we’ll see, we can address many API vulnerabilities at design time. I’ll introduce the concept of API security by design, and how it helps us speed up the API delivery process while gaining confidence in the security of our implementation.
I’ll also show how we can automate the process of detecting and addressing vulnerabilities in our API design at scale. You’ll learn how to use tools to test and assess the security of your API designs, and how to leverage tools like fuzz testers to automate your API security testing workflow and ensure your APIs are reliable and comply with the specification.
Publications:
- Microservice APIs (Manning, 2022 - http://mng.bz/0wmx)
- "Secure by Design", at APIDays London, September 2023 (https://youtu.be/ARiczQVcqC0)
- "API Security Fundamentals", webinar, March 2023 (https://youtu.be/Pj3crnYZEKM)
- "Hacking APIs with Python", webinar hosted by Amicus Recruitment, May 2023 (https://youtu.be/9mdpFVWBHnI)
- "API Security by Design", webinar with Frank Kilcommins, hosted by SmartBear, July 2023 (https://youtu.be/acXpD1tRmCQ)