Today’s applications thrive on the interactions with data sources, authentication and directory services, and other applications through APIs that include REST, SOAP, graphQL, websockets, and remote procedure calls. But each of these modern methods of communication between applications and platforms provides threat actors with a potential point of access and control. Last year, we saw 700 million LinkedIn records stolen using a technical flaw in their API.
Many organizations see 2022 as the year of the API as the threat surface of choice for those cybercriminals looking for an untapped “market” to target. This means Security, Product Security, and DevSecOps teams need to be just as aware of the potential risks and threat surface APIs create as with any other initial attack vector that is included within your cybersecurity program.
In this Real Training for Free session, Microsoft MVP Nick Cavalancia takes my seat as he first discusses:
- The state of cyberattacks using APIs
- MITRE’s take on API-based attack techniques
Nick will be joined by Stepan Ilyin, Co-Founder of Wallarm, who will discuss the most common API security issues, their implications, and mitigation strategies, covering:
- How to address the most common API Security issues
- The key components of building your API Security strategy
- The tools that help product security teams keep up with the rapid pace of engineering and application deployments
Stepan will demonstrate API Discovery and asset discovery, as well as the detection and mitigation of attacks via REST APIs, gRRPC, websockets, and API abuse.
He’ll also provide practical guidance around:
- Protecting APIs in the modern environments (e.g., cloud-native, K8s, etc.)
- Protecting against API abuse and account takeover
- What open source and commercial tools you can use
- How to prepare yourself against the log4shells of tomorrow
- Practical lists to use including OWASP Top10, API OWASP Top10
This real training for free event will be jam packed with technical detail and real-world application. Register today!