Sandy Carielli - Principal Analyst, Forrester Research and Arthur Hicken - Chief Evangelist, Parasoft
APIs are the building blocks of modern applications. If the APIs aren’t secure, the system isn’t secure, but API security testing is tricky: it requires both API testing skills as well as developer skills to exercise the APIs in a meaningful way. It also has the challenges of security testing – you need security knowledge as well as application knowledge to attack the system and validate its behavior.
Shifting API security testing left is critical to minimize costs and reduce impact on release schedules. DAST and API testing get you started, but the best way to get ahead is to implement security best practices and standards in development, using SAST. The OWASP API Security Top 10 is a great way to start.
In this session, learn how SAST can help drive your security testing efforts, including:
• The importance of API security and how OWASP API Security Top 10 addresses the need.
• Adding SAST to your SDLC and pipeline to harden the application against attack.
• Producing the right reports for your security team without extra effort.