Unbreakable APIs: Best Practices for Application Security Testing

Presented by

Eric Sheridan, Chief Scientist, WhiteHat Security

About this talk

APIs are doors into your data and applications, so pausing to include security is just as important as securing web applications. In this presentation we will discuss best practices to ensure that APIs have full security coverage, and how teams can find and fix vulnerabilities before problems arise. We’ll also cover the inflection points for security assessment in the software development life cycle (SDLC), as they may vary depending on whether the development team is enabling APIs for legacy applications or building new API-first applications.

Join us to learn best practices on when to:

- Perform DAST of APIs for dynamic scanning, and create a plan for remediating/mitigating discovered vulnerabilities
- Perform SCA & SAST analysis for the API implementation code within the DevOps process
- Use secure design patterns within the enterprise application architecture
- Implement a robust feedback loop within the SDLC to act on the findings of various scans

NTT Application Security is driving the future of application security. For nearly 20 years, organizations around the globe have relied on NTT Application Security to secure their business’ digital footprint in an increasingly application-driven world. Bolstered by its award-winning, cloud-based application security testing platform, NTT Application Security delivers industry-leading accuracy by combining artificial and human intelligence to help security teams quickly identify and remediate potential vulnerabilities. Formerly WhiteHat Security, the company is an independent, wholly-owned subsidiary of NTT Ltd. and is part of NTT’s security services portfolio. NTT Application Security is headquartered in San Jose, Calif., with regional offices in Houston and Belfast. For more information, visit www.whitehatsec.com.