
OWASP API Security - The Attacker's Perspective

Inon Shkedy (Head of Security Research, Traceable ; co-author OWASP API Top 10) explores the OWASP API Top 10 project and provides detailed explanations about the API threats documented in the OWASP project.

In this 4th and final episode, Inon will focus on the attacker’s perspective on API security:

How can the predictable structure of REST APIs help you find admin endpoints and write better payloads to exploit mass assignment?
How should you approach an API pentest? Which features and endpoints should you prioritize to make the most of your time?
What do you do when you get stuck and need to expand the attack surface? Which tools are best for finding more entry points into the application under test?
Inon will also look at these vulnerabilities from a developer's perspective and answer questions on these topics and on the OWASP API Security Top 10.
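The first question above bundles two techniques: guessing privileged fields and endpoints from the regular, self-describing shape of a REST API, and turning those guesses into a mass assignment payload. The block below models both offline in plain Python. It is an added editorial example, not code from the talk or from Traceable; the `/api/v1/users/{id}` endpoint, the user record with `role` and `is_admin` fields, the `UPDATABLE_FIELDS` allowlist and the admin prefix list are all constructed for illustration.

```python
"""
Added example (not from the webinar or Traceable): two attacker techniques
from the talk, modelled offline.

1. Mass assignment: a PUT handler that binds every JSON key onto the user
   record (vulnerable) beside one that binds only an explicit allowlist.
2. Predictable REST structure: deriving candidate admin/variant endpoints
   from one endpoint already observed, to seed a pentest wordlist.

Endpoint shape, field names and the sample record are all constructed.
"""
import copy
import re

# Constructed sample record, as an ORM behind GET /api/v1/users/42 might hold it.
# "role" and "is_admin" are the fields an attacker hopes to overwrite.
SAMPLE_USER = {"id": 42, "username": "alice", "email": "alice@example.com",
               "role": "user", "is_admin": False}

# Fields a PUT /api/v1/users/{id} request is legitimately allowed to change.
UPDATABLE_FIELDS = frozenset({"username", "email"})


def update_user_vulnerable(user, body):
    """Binds every body key that matches a column (classic mass assignment)."""
    updated = copy.deepcopy(user)
    for key, value in body.items():
        if key in updated:  # "only known columns" is not a defense
            updated[key] = value
    return updated


def update_user_hardened(user, body):
    """Allowlist binding: unexpected keys are rejected, not silently dropped."""
    extra = set(body) - UPDATABLE_FIELDS
    if extra:
        raise ValueError(f"unexpected fields: {sorted(extra)}")
    updated = copy.deepcopy(user)
    updated.update(body)
    return updated


def guess_privilege_fields(get_response):
    """REST GET responses usually echo the object's schema, so every key is a
    candidate; keep the ones that look like privilege or ownership flags."""
    pattern = re.compile(r"(admin|role|perm|owner|verified|balance|credit)", re.I)
    return sorted(k for k in get_response if pattern.search(k))


def build_mass_assignment_payload(get_response, legit_change):
    """A harmless-looking update plus guessed privilege fields set to 'elevated'."""
    payload = dict(legit_change)
    for field in guess_privilege_fields(get_response):
        current = get_response[field]
        if isinstance(current, bool):
            payload[field] = True
        elif isinstance(current, str):
            payload[field] = "admin"
        # other value types: no sensible guess without more context, skip
    return payload


def derive_candidate_endpoints(observed_path):
    """Expand one observed REST path into admin/variant paths worth probing."""
    segments = [s for s in observed_path.split("/") if s]
    candidates = set()
    # 1. Admin-scoped segment inserted at every position: /api/admin/v1/users/42 ...
    for prefix in ("admin", "internal", "management"):
        for i in range(len(segments) + 1):
            candidates.add("/" + "/".join(segments[:i] + [prefix] + segments[i:]))
    # 2. Version bumps: older versions often lack checks added later, newer ones
    #    may be unreleased and untested.
    for i, seg in enumerate(segments):
        m = re.fullmatch(r"v(\d+)", seg)
        if m:
            n = int(m.group(1))
            for alt in (n - 1, n + 1):
                if alt >= 0:
                    candidates.add("/" + "/".join(segments[:i] + [f"v{alt}"] + segments[i + 1:]))
    # 3. Collection-level sibling: /users/42 -> /users (listing, often unprotected)
    if segments and re.fullmatch(r"\d+", segments[-1]):
        candidates.add("/" + "/".join(segments[:-1]))
    candidates.discard(observed_path)
    return sorted(candidates)


if __name__ == "__main__":
    payload = build_mass_assignment_payload(SAMPLE_USER, {"email": "alice@evil.example"})
    print("payload:", payload)
    print("vulnerable:", update_user_vulnerable(SAMPLE_USER, payload))
    try:
        update_user_hardened(SAMPLE_USER, payload)
    except ValueError as exc:
        print("hardened rejected:", exc)
    for path in derive_candidate_endpoints("/api/v1/users/42"):
        print("probe:", path)
```

The hardened handler raises on unknown keys rather than dropping them; silently ignoring extra fields hides the probing from logs, whereas a rejected request with the field names in the error is exactly what a detection rule for mass assignment attempts should key on.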
Recorded: Oct 15 2020, 45 mins
Presented by
Inon Shkedy

  • Continuous Delivery and Application Security - The Future May 26 2021 6:00 pm UTC 49 mins
    Jyoti Bansal, Anoop Kartha
    In this webinar, Jyoti Bansal, CEO and Founder of Traceable.AI and Harness.io, explains how microservices, APIs, and cloud-native architectures have created new attack surfaces and potential vulnerabilities, and what Traceable is doing to help close the gaps.

    What we'll cover:
    - The new security challenges we’re all facing
    - How Traceable uniquely helps secure modern apps
    - How Traceable will enhance CI/CD with shift-left, shield-right security
    - Demo of the product
    - Interactive Q&A with Jyoti
  • Observability: Present & Future May 20 2021 6:00 pm UTC 55 mins
    Jayesh Ahire, Sanjay Nagaraj, Jonah Kowall, Janakiram MSV, Wu Sheng
    Observability plays an important role in a world full of modern cloud-native applications. It helps us understand complex architectures and find the root cause of problems and performance issues. Observability has a diverse community of open source and enterprise solutions, each with something of its own to offer. In this panel discussion we will hear our panelists' visions for observability and discuss the challenges that lie ahead, along with use cases and the ways companies are using observability to detect problems in their tech stacks.
    Panelists:
    - Sanjay Nagaraj, CTO, Traceable AI (https://twitter.com/SanjayNSF)

    - Jonah Kowall, CTO of Logz.io (https://twitter.com/jkowall)

    - Janakiram MSV, Principal Analyst, Janakiram & Associates (https://twitter.com/janakiramm)

    - Wu Sheng, Founder of Skywalking | Founding engineer, Tetrate | BOD, Apache foundation (https://twitter.com/wusheng1108)
  • Continuous Delivery and Application Security - The Future Recorded: Apr 30 2021 49 mins
    Jyoti Bansal, Anoop Kartha
    In this webinar, Jyoti Bansal, CEO and Founder of Traceable.AI and Harness.io, explains how microservices, APIs, and cloud-native architectures have created new attack surfaces and potential vulnerabilities, and what Traceable is doing to help close the gaps.

    What we'll cover:
    - The new security challenges we’re all facing
    - How Traceable uniquely helps secure modern apps
    - How Traceable will enhance CI/CD with shift-left, shield-right security
    - Demo of the product
    - Interactive Q&A with Jyoti
  • Observability: Present & Future Recorded: Apr 28 2021 55 mins
    Jayesh Ahire, Sanjay Nagaraj, Jonah Kowall, Janakiram MSV, Wu Sheng
    Observability plays an important role in a world full of modern cloud-native applications. It helps us understand complex architectures and find the root cause of problems and performance issues. Observability has a diverse community of open source and enterprise solutions, each with something of its own to offer. In this panel discussion we will hear our panelists' visions for observability and discuss the challenges that lie ahead, along with use cases and the ways companies are using observability to detect problems in their tech stacks.
    Panelists:
    - Sanjay Nagaraj, CTO, Traceable AI (https://twitter.com/SanjayNSF)

    - Jonah Kowall, CTO of Logz.io (https://twitter.com/jkowall)

    - Janakiram MSV, Principal Analyst, Janakiram & Associates (https://twitter.com/janakiramm)

    - Wu Sheng, Founder of Skywalking | Founding engineer, Tetrate | BOD, Apache foundation (https://twitter.com/wusheng1108)
  • What AI can do for API Security Recorded: Apr 21 2021 60 mins
    Ravindra Guntur, Ranaji Krishna
    Using machine learning for cloud-native application security
    Join security and DevOps experts as they discuss how TraceAI uses machine learning for cloud-native application security.

    In this live session we will cover goals for TraceAI:

    High-level picture of where TraceAI sits with respect to the Traceable platform
    Representing the attack surface from an ML point of view
    Metric anomaly detection
    API call patterns, distributions and rates
    User behavior and anomaly detection
    Get hints for what we will do in the future: Trust-Risk-Plausibility
  • Introduction to the API Security Landscape Recorded: Apr 14 2021 33 mins
    Inon Shkedy
    The rapid rise of cloud-native applications, microservices, and mobile/IoT has led to the widespread use of APIs as the glue between all the components that make up an application. These APIs are designed to share data and execution between services, which also makes them attractive attack vectors: they have access to user data, execute business logic, are fairly transparent, and are everywhere.

    Join Inon Shkedy, Traceable AI's Head of Security Research, as he introduces the new API security landscape and answers such questions as:

    - How do APIs work?

    - Why are APIs so vulnerable?

    - Why are they so interesting to bad actors?

    - What API vulnerabilities should I watch out for?
  • Problems Runtime Application Self-Protection (RASP) Doesn’t Solve Recorded: Apr 7 2021 26 mins
    Roshan Piyush
    RASP, or Runtime Application Self-Protection, is a security technology that protects web applications from attacks at runtime. It is an important complement to defenses that focus on the perimeter, but RASPs also have weaknesses and can introduce vulnerabilities of their own.

    What are RASP's strengths and weaknesses against modern threats? Are there better solutions that offer deeper insight into attacks and also detect suspicious behavior?

    We'll take a closer look at RASPs, their advantages and their disadvantages, and then suggest what to look for in an application security solution.
  • API Security: Everything You Need to Know To Protect Your APIs Recorded: Mar 19 2021 61 mins
    Aaron Lieberman (Big Compass), Dan Gordon (Traceable AI)
    With more APIs in circulation than ever before, the number of API abuses reported across industries has risen in step. APIs are a valuable asset to bad actors, yet many organizations have not yet woken up to the need to protect them from abuse. Add the fact that attacks on APIs have become more sophisticated, with some attackers even using AI themselves, and it is easy to see why even security-conscious organizations struggle to secure their APIs properly.


    A robust API Security posture can be broken down into several areas including:
    * Proper design and coding during the development process
    * API governance and compliance through visibility of all your APIs (shadow APIs too) and a map of how they connect to each other
    * General application and API protection from tools such as API gateways, WAFs, NG-WAFs, and RASPs
    * An always-updating understanding of your user behaviors regarding your APIs.


    You won’t have comprehensive API security without solutions in each of these areas.


    We will also discuss:
    * The roles of API developers, infosec, support, and enterprise architects as it relates to API security
    * Microservices role in making it difficult to secure your APIs
    * The importance of inventorying your APIs
    * How technologies like Traceable can help protect your APIs against advanced attacks


    Key takeaways:
    * Why your APIs are a key attack surface for modern bad actors
    * Why APIs are so much harder to secure than traditional web traffic
    * What's necessary to secure your APIs
    * Why yesterday's solutions can't solve today's API security challenges
  • Managing Security and Risk throughout the Digital Transformation Process Recorded: Dec 3 2020 47 mins
    Jyoti Bansal, Upendra Mardikar, Andreas Wuchner
    With digital transformation in the financial service sector accelerating faster than ever, securing the leading edge of technologies and methodologies has never been more important.

    Financial services security leaders Andreas Wuchner, Group Head IT & Risk Governance at Credit Suisse; Upendra Mardikar, Chief Security Officer at Snap Finance (formerly with American Express, Visa, and PayPal); and Jyoti Bansal, Founder & CEO of Traceable, AppDynamics, Harness, and Unusual Ventures, explore the new challenges:

    - What the current security stack is, and where the gaps are with regard to protecting new architectures

    - How and why security leaders need to foster partnerships with their development and DevOps teams

    - What the role of security automation and emerging technologies is in enabling that, and how to make existing personnel more efficient
  • Secure your GraphQL & gRPC APIs Recorded: Oct 29 2020 28 mins
    Renata Budko
    Are your applications protected?

    Join security experts as we discuss how modern application and API architectures are driving the adoption of new protocols.

    In this live session we will cover:

    - The use of Traceable for cloud-native application security
    - Protecting your external and internal APIs from the OWASP API Security Top 10 risks
    - Traceable's new capabilities for the GraphQL and gRPC protocols

    The move from a 3-tier architecture to microservices made applications more distributed and API-centric and exposed internal business logic. The APIs and protocols also evolved from proprietary to standardized ones, like REST, GraphQL, and gRPC, with flexible data structures such as JSON and YAML that allow frequent evolution.

    Hackers, always the opportunists, saw the gap and took advantage. A new category of API-centric attacks emerged and became dangerous enough that the OWASP API Security project was born to educate security professionals about these new threats to your APIs.
Traceable: Discover, Observe, Protect
Traceable enables security to keep up with engineering and the continuous pace of change, and to protect modern applications from modern threats. Traceable applies machine learning and distributed tracing to understand the DNA of the application, how it is changing, and where there are anomalies, in order to detect and block threats and make businesses more secure and resilient.

  • Title: OWASP API Security - The Attacker's Perspective
  • Live at: Oct 15 2020 6:00 pm
  • Presented by: Inon Shkedy