API Security by Design

When (day): Tue
At: 16:00 - 17:00

About this session

APIs are transforming the way we build applications and deliver business value. Organisations can tap into new revenue streams by productizing their service capabilities through APIs. However, with the growing use of APIs also come new security risks. APIs represent gateways into our systems, and security vulnerabilities in our APIs can open organisations to different forms of attacks. In this talk, I’ll explain how API design affects security.

I’ll analyze a collection of vulnerable API design patterns. I’ll present real-world examples of vulnerable API designs and the type of attack vectors they expose. I’ll also explain how to address the vulnerabilities, both at design and at implementation time.

As we’ll see, we can address many API vulnerabilities at design time. I’ll introduce the concept of API security by design, and how it helps us speed up the API delivery process while gaining confidence in the security of our implementation.

I’ll also show how we can automate the process of detecting and addressing vulnerabilities in our API design at scale. You’ll learn how to use tools to test and assess the security of your API designs, and how to leverage tools like fuzz testers to automate your API security testing workflow and ensure your APIs are reliable and comply with the specification.
