Unbreakable APIs: Best Practices for Application Security Testing

Presented by

Eric Sheridan, Chief Scientist, WhiteHat Security

About this talk

APIs are doors into your data and applications, so pausing to include security is just as important as securing web applications. In this presentation we will discuss best practices to ensure that APIs have full security coverage, and how teams can find and fix vulnerabilities before problems arise. We’ll also cover the inflection points for security assessment in the software development life cycle (SDLC) as they may vary depending on whether the development team is enabling APIs for legacy applications or building new API-first applications.

Join us to learn best practices on when to:

- Perform DAST of APIs for dynamic scanning, and create a plan for remediating/mitigating discovered vulnerabilities
- Perform SCA & SAST analysis for the API implementation code within the DevOps process
- Use secure design patterns within the enterprise application architecture
- Implement a robust feedback loop within the SDLC to act on the findings of various scans

WhiteHat™ DAST is a software-as-a-service (SaaS) dynamic application security testing (DAST) solution that allows your business to quickly deploy a scalable web security program. No matter how many websites you have or how often they change, WhiteHat DAST can scale to meet any demand. Synopsys acquired WhiteHat Security (NTT Application Security) in June of 2022.