Name: Lessons Learned from Securing Web Apps and APIs at Internet Scale
Start: 2022-08-19T18:00:00Z
End: 2022-08-19T18:00:25.000Z
Location: BrightTALK
Rating: 0

Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai’s cloud computing, security, and content delivery solutions.

Last year, nearly one-third of web attacks targeted APIs. Join us for a live webinar as we reveal the findings from our latest State of the Internet (SOTI) report, 'Lurking in the Shadows: Attack Trends Shine Light on API Threats', and learn:

•        The latest API attack techniques
•        Regional trends
•        Real-world lessons
•        Advice around security implementations and active threats

State of the Internet: API Security

As risk to APIs grows and the attack surface expands with every new API, the conversation around API Security is more critical than ever. The 2024 API Security State of the Internet (SOTI) report showcases new insights into the attacks targeting APIs, which constitute 29% of web attacks over the past year.
Join guest speaker, Forrester Principal Analyst Sandy Carielli and Giora Engel, VP of API Security at Akamai as they deep dive into the types of attacks, extending beyond the OWASP API Security Top 10, and their implications across different industries and regions.
Is this webinar you will:
Understand real-world API Security threats
Identify impactful API attack trends
Gain visibility into the life of an API
Discover the principles of effective API security
Our experts will guide you through the necessary steps to demystifying threats facing your API landscape and fortifying your security posture without having to revise your existing infrastructure. Register now.

Around the World with APIs: Understand API Attacks Anywhere

Despite the complexity of algorithms and advanced security protocols, API security often fails to consider the sophisticated intersection of AI and API security. We will bridge this gap in our upcoming episode, ""Rise of AI Assisted API Attacks,"" by highlighting how emerging AI technologies can be harnessed to enhance protection against these modern threats.

This session will guide attendees through the latest trends in AI-driven attacks, how attackers are using AI to attack APIs, and tips and tricks from our Threat hunting team on how they use automation to combat these fast growing threats.

Ep. 5 - Rise of AI Assisted API Attacks

In rethinking their current cloud architecture, organizations see distributed cloud computing as the way to provide optimal experiences for their global customers. As a developer, you want to be able to bring your applications and workloads closer to your users, regardless of their location. So, how popular is distributed cloud computing and how are builders using and benefiting from this approach?

The third installment in a new three-part video series, Building in the Cloud: The Shift to Cloud Native, answers these questions. Episode 3: Moving to a Distributed Cloud Approach brings together third-party analyst research with real-world use cases from Akamai’s cloud engineering team.

What to expect in Episode 3:
• Find out the latest data on distributed cloud computing adoption by developers around the world
• Identify the key benefits of a distributed cloud approach including lower costs, greater flexibility, scalability, and security, and increased value to customers.

Why watch Episode 3?
• Discover the reasons why more global organizations and developers are moving to a distributed cloud approach
• Learn about real-world use cases for distributed cloud computing across industries and departments
• Explore why organizations and developers are running into limitations with their current centralized cloud infrastructure

Available soon to watch on-demand:
All three episodes of our video series Building in the Cloud: The Shift to Cloud Native
• Episode 1: The Shift to Cloud Native
• Episode 2: How to Build for Portability
• Episode 3: Moving to a Distributed Cloud Approach

Moving to a Distributed Cloud Approach

Think your site isn't vulnerable to web scraping attacks? Think again. Malicious actors are eager to compromise your webpage scripts to gain access to customer credentials or credit card information. According to Akamai research, 50% of commerce customers use 3rd party scripts, which can be vulnerable to Magecart style attacks. In this session, we'll discuss the latest PCI DSS 4.0 requirements for script protection so brands can better identify, monitor and manage suspicious and malicious script behavior.

Commerce Chats: Make a Fast Break Toward PCI Script Compliance

In today's digital-first world, the speed and security of visual content delivery can make or break customer experience. With one in four visitors abandoning a website if it takes more than four seconds to load, optimising visual assets such as images and videos for omnichannel delivery becomes a key differentiator. Join us for a fireside chat between two leading product innovators from Scaleflex and Akamai, as we dive into the complexities and solutions around managing, optimising, and securely delivering product assets across multiple channels such as online stores and marketing channels.

Key Takeaways:

- Learn how to streamline your visual content workflow at scale
- Leveraging AI to maximise the ROI of each visual asset 
- Optimise Media for Omnichannel Delivery

Join us as we unlock the secrets to preparing your visual assets for the dynamic demands of today's omnichannel landscape. Don't miss this opportunity to learn from the experts and network with peers facing similar challenges in the e-commerce industry. 

Speakers:
- John Bradshaw, Director of Cloud Computing Technology and Strategy EMEA, Akamai
- Emil Novakov, Co-Founder & CEO, Scaleflex

Fast and Secure Omnichannel Delivery of Media Assets with Scaleflex

By taking advantage of portability and open-source tools, cloud-native development enables developers to make decisions on where to deploy and move their workloads to maximize performance and cost-efficiency. Portability gives you the ability to migrate your applications, workloads, data, and other resources to the cloud environment or cloud provider of your choice.

The second installment in a new three-part video series, Building in the Cloud: The Shift to Cloud Native, is about expanding your knowledge of the key technologies involved in creating portable workloads, notably Kubernetes, an open-source platform to run applications in containers. In Episode 2: How to Build for Portability, Akamai’s cloud engineering team explains how to use open-source tools and details best practices.

What to expect in Episode 2:
• Cement your understanding of Kubernetes and Knative, and the relationship between the two technologies
• Get to grips with the components of a Kubernetes cluster, such as the ingress controller, object storage, event streaming, and observability and monitoring

Why watch Episode 2?
• Discover more about the Knative Serving and Knative Eventing components, and the use of brokers and triggers
• Learn about best practices and which open-source tools to use when building out your portable infrastructure
• Gain the knowledge and confidence to deploy your first Kubernetes cluster

Coming next:
• Building in the Cloud: The Shift to Cloud Native, Episode 3: Moving to a Distributed Cloud Approach

How to Build for Portability

Developers have to create applications quickly and cost-efficiently to always keep ahead of shifting customer and industry demands. By adopting a cloud-native approach to development, you can build applications that take full advantage of the agility, elasticity, scalability, and flexibility of cloud computing.

To begin, you need to become comfortable with the underlying concepts of cloud-native development. This is the focus of Episode 1: The Shift to Cloud Native, the first installment in a new three-part video series, Building in the Cloud: The Shift to Cloud Native.

What to expect in Episode 1:
• Clear definitions of the key terms used in cloud-native application and workload development
• The importance of having the freedom to choose the right cloud for the right workload

Why watch Episode 1?
• Learn about the benefits of taking a cloud-native approach to application and workload development
• Recognize the limitations of platform-centric thinking and the potential dangers around vendor lock-in
• Understand the concept of cloud waste and how it can be minimized by moving to cloud native

Coming next:
• Building in the Cloud: The Shift to Cloud Native, Episode 2: How to Build for Portability

The Shift to Cloud Native

In an era where data breaches and cyber threats loom large, safeguarding sensitive information within APIs stands as a paramount concern for organizations. Join us as Menachem Perlman, our Director of Solutions Engineering discusses the pivotal significance of secure data storage within API frameworks.

Join us in the first episode of our new monthly series on API Security, Join us to gain actionable insights and practical strategies for enhancing your API security posture through robust and secure data storage practices.

Don't miss this opportunity to fortify your organization's defenses and ensure the integrity of your API-driven operations. Register now for the series.

Ep. 1 - The Importance of Storing Data in Your API Security Strategy

APIs power interoperability and data exchange that leads to better clinical and financial outcomes across the healthcare ecosystem. But globally, innovations and regulations around APIs have also given rise to new cybersecurity challenges. In this talk, Akamai experts will share recent research findings from the new API Security State of the Internet Report (SOTI), use cases, and best practices to safeguard healthcare infrastructure. 

Attendees will learn:
   - The critical aspects of API security
   - How to identify and mitigate blind spots, including shadow or rogue APIs
   - How to evaluate healthcare-specific risks to fortify your security strategies

How Healthcare Can Balance the API Revolution with Cybersecurity Vigilance

Explore the lifecycle of an API with a focus on evolving security measures in episode 4 in the “If An API Could Talk” series. We will showcase how adopting a strong API security program leads to many different lenses of visibility including discovery, risk audits, and behavioral detection.

Gain insights through our recent State of the Internet report, real-world case studies on overcoming breaches and enhancing incident response. Join us to master API security best practices and stay ahead in the digital landscape.

Ep. 4 - A Year in the Life of an API: Chronicles of Security Evolution

A recent Forrester Consulting study commissioned by Akamai shows that cloud costs, complexity, and regional challenges are still top of mind for media and entertainment leaders. Other concerns include:

• 67% said their organization’s legacy systems are holding them back
• 48% cited concerns with geographical challenges, such as data sovereignty and localization
• 48% said the volume of their online processing needs limit their flexibility

Sign up today for a live webinar on April 25 to learn more about the study. The webinar will feature Akamai Cloud CTO, Jay Jenkins and Zeck Lim, Regional Sales Director from Hydrolix

How media companies are adapting to distributed cloud computing

A look at 2023’s cyber trends and what’s to come Embark on a journey through the cybersecurity landscape of 2023 with Akamai’s Security Intelligence Group. Our exclusive webinar will delve into key developments highlighted in our recently published State of the Internet (SOTI) A Year in Review report. 

What to Expect:  
- Gain valuable insights from Steve Winterfeld's frontline observations.  
- Discover Roger Barranco's perspectives from our Security Operations Command Centers.  
- Delve into Tricia Howard's exploration of the Outlook bypass vulnerability.   

Why Attend:  
- Uncover the impactful cyber trends that shaped 2023, from Magecart advancements to JWT vulnerabilities.  
- Equip yourself with lessons learned to navigate the evolving cybersecurity landscape in 2024.   

Join us for an engaging session where our SOTI report authors share their favorite security stories from 2023. Don't miss out on this opportunity to stay ahead in the ever-changing world of cybersecurity!

State of the Internet: A Year in Review

Explore the evolving landscape of compliance through our interactive webinar, focusing on the new PCI DSS 4.0 standards. In this session, Mark Carrizosa, our esteemed Director of Information Security and owner for the Akamai Global PCI program, takes on the auditor's role in a simulated live audit, while Chris Trynoga simultaneously demonstrates how Akamai Guardicore Segmentation adeptly navigates the evolving compliance challenges of PCI 4.0. This webinar aims to clarify and simplify the complexities involved in adhering to the new standards, offering an in-depth examination of the procedures and tactics for seamless compliance navigation. 

Gain hands-on experience with the most current compliance strategies and acquire thorough knowledge on the critical elements of PCI DSS 4.0, all through a mix of expert discussions and real-time demonstrations. Whether you're new to the compliance scene or a veteran looking to update your practices with the newest standards, this webinar is designed to elevate your understanding and application of compliance measures.

During the session you will::
- Understand the nuances and requirements of PCI DSS 4.0 from experienced professionals. 
- Learn how to leverage Akamai Guardicore Segmentation for efficient and effective compliance with the latest standards. 
- Enhance your understanding of PCI DSS 4.0 and how to apply it to your compliance efforts.

Note: The simulated audit scenario presented is designed for educational purposes to illustrate proactive compliance strategies with PCI DSS 4.0. Individual results may vary.

Ready, Set, Comply: Gearing Up for PCI DSS 4.0 Compliance

Are you spending a third of your cloud infrastructure budget on observability? Do you have to discard certain data to keep costs down? Bid farewell to painful tradeoffs.  

Introducing TrafficPeak on Akamai Connected Cloud. A managed observability service powered by Hydrolix software.

With TrafficPeak, you can:

•       Ingest and retain all your data, no matter the size, for years.
•       Enjoy significant cost savings compared to other observability providers.
•       Optimise your budget while maintaining robust data capabilities.
•       Attain complete visibility into the performance and security of your applications and infrastructure.
•       Proactively address potential issues to prevent them from evolving into business disruptions.

How Observability Can Proactively Safeguard Your Customer Experience

As the reliance on APIs continues to surge, so does the scale of security threats aimed at exploiting data vulnerabilities. These threats highlight the need for effective data protection methods. Data tokenization and data encryption stand out as key techniques, each offering unique benefits and applications.

In our upcoming webinar, we'll closely examine these strategies, emphasizing the critical role of tokenization in safeguarding your API data.

Join us to explore the essentials of API data protection and discover the importance of tokenization in creating a robust security strategy. We'll demonstrate how tokenization ensures the safety of your data, maintaining its confidentiality, integrity, and accessibility in our digital era.

Ep. 3 - The Importance of Data Tokenization Over Traditional Encryption

Are you concerned about not having complete visibility into all application dependencies across your new cloud deployments?
If so, you’re not alone. Visibility is a top concern for organizations looking to enhance their cloud security and create consistent policies across their hybrid infrastructure. 

In this webinar, we'll demonstrate how network security professionals can effortlessly manage segmentation across public cloud environments and on-premises data centers through a single console, achieving:
1. Faster time to policy deployments
2. Single network governance across data centers and cloud
3. Reduced management complexity.
4. Compliance to regulations specific to the cloud

During the session you will learn:
- How advancements in microsegmentation can allow you to protect more with less
- Key use cases for cloud segmentation
- How visibility that encompasses on-prem and cloud workloads enables more efficient security policies
- A demo walkthrough of cloud segmentation so you can see it in action.

Why Segmentation is Crucial to Contain Breaches in the Cloud

Securing customer data and privacy is as important to service providers as delivering fast, reliable internet. Customer satisfaction and business stability depend on it, and standards like PCI DSS 4.0 and other regulations mandate it. Security is a continuous process because hackers never sleep—new approaches are needed to defend against new attacks, and offer more flexibility to achieve security objectives.

This webinar will discuss Akamai’s Microsegmentation. It’s an emerging security best practice that offers several advantages over more established approaches to provide your organization
comprehensive protections for business applications. Focused on pre-breach and the time during a breach, we’ll discuss the steps for proactive hardening through a layered approach to security, as well as what you should do if you are experiencing a breach.

Join Akamai experts as they discuss microsegmentation, and hear from a leading ISP about why they chose the Akamai solution, and how it meets their requirements.

A New Way for Carriers to Stay Secure and Navigate Compliance

Defeating Ransomware: Security Controls That May Surprise You

The Year of Zero Days – Defending Against the Million Dollar Threat

Life's a Breach: Understand Threat Intelligence, Cyber Maturity and Resiliency

Fireside Chat with Invicti and Clarify360 on Application Security

The Post-Pandemic Threat Landscape

True Tales from AppSec Customers

Without Correlation, Your AppSec Testing Approach Needs an Update

How to Build a Blueprint for Secure Software

Why Can't We Make Secure Software?

Eliminate Ransomware Risks With the Right Backup Strategy

Update Your Application Security Strategy

Social Engineering and Security Awareness

Build Resistance to Attacks by Unlocking the Value of Ethical Hackers

Building a Robust Enterprise Security Program

Your Security Metrics Are Lying (And What To Do About It)

A Road Less Traveled: Learning the Value of SME Enterprise Security Management

Limiting the Impact of Future Ransomware Threats

Leverage Network Data To Minimize Your Cybersecurity Risk

The steps to sensible auto-remediation

It's Time to Modernize Threat Detection

Understand Threat Detection and Response Solutions and Services

The Evolution of Prevention-First Cybersecurity

Outwit Attackers with a Proactive Cybersecurity Plan

Combating Cyber Threats & Breach Prevention 2022

Application Security for Billions: Lessons Learned from Securing Web Apps and APIs at Internet Scale

Whenever you hear people talking about web and application security, you’ll often learn about the latest way to make sure you’re not ingesting user supplied input the wrong way, or how to write secure code to prevent cross site scripting, etc. 

But, have you ever wondered what it’s like to secure business critical websites, and the ever-evolving growth of API’s and bespoke applications that are developed every day across thousands of websites in dozens of countries around the world?

In this webinar, Tony Lauro, Akamai’s Security Technology and Strategy Director, will cover:
- What defenders are doing at scale to defend the evolving threats targeting websites 
- Methods for cutting out the noise of benign, but annoying vulnerability verification requests
- Best practices for managing large scale security configurations
- Some of the ways that defenders are winning against these unimaginable odds, as well as how attackers are targeting these very same applications hoping to bypass security by obscuring their attack techniques

Lessons Learned from Securing Web Apps and APIs at Internet Scale

Application Security

Security

IT Security

Application Monitoring

Cyber Attacks

API Management

APIs

Cyber Security

Security Awareness

Web Application Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Lessons Learned from Securing Web Apps and APIs at Internet Scale

Presented by

About this talk

More from this channel