API Recon Explained

One of the biggest problems API hackers face is attack surface: while developers know the API endpoints, external testers do not. In this webinar, we'll discuss how you perform recon on an API in order to find new routes and parameters, exploring an API's attack surface from the outside, and some of the API tools available to help you do this.
Recorded Sep 21 2021 42 mins
Presented by
Dr. Katie Paxton-Fear

  • Four Simple Principles to get Your API Governance Program Off the Ground Recorded: Oct 26 2021 47 mins
    Renata Budko
    APIs have long become central to developing, running, and consuming on-line digital services. Still, operationally the management and governance of the APIs is often far behind other corporate governance practices or IT operational controls we have enjoyed in the era of on-premise data centers. In this webinar, Renata Budko, Head of Product at Traceable AI, offers her viewpoint on some simple principles you can follow to start an API Governance program. With API Governance you can reduce risk, get better at compliance, and help your development efficiency with an eye on APIs. Learn how the new technologies of micro services, APIs, and cloud-native architectures have created new attack surfaces and potential vulnerabilities, and the things we are doing to help close the gaps.

    What we'll cover:
    - Examples and consequences of good and bad API governance
    - Gaps in IT governance created by new attack surfaces and potential vulnerabilities in distributed API-driven architectures
    - Principles needed to control APIs in the era of new technologies of micro services and cloud-native architectures
    - How Traceable can help
    - Interactive Q&A
  • How to Migrate Your Organization to a More Security-Minded Culture Recorded: Oct 6 2021 45 mins
    Dana Gardner & Adrian Ludwig
    Bringing broader awareness of security risks and building a security-minded culture within any public or private organization has been a top priority for years. Yet halfway through 2021, IT security remains as much a threat as ever -- with multiple major breaches and attacks costing tens of millions of dollars occurring nearly weekly.

    Why are the threat vectors not declining? Why, with all the tools and investment, are businesses still regularly being held up for ransom or having their data breached? To what degree are behavior, culture, attitude, and organizational dissonance to blame?

    Please join us as Dana Gardner, Principal Analyst at Interarbor Solutions, and Adrian Ludwig, CISO at Atlassian, dive deeper into these more human elements of IT security and discuss how adjusting the culture of security within the organization is imperative in order to be resilient.
  • Managing API Driven Applications Recorded: Oct 5 2021 41 mins
    Renata Budko
    As the API economy accelerates, business services are increasingly being built using microservices and APIs. Join us on this webinar to learn how to manage your application APIs: understand the difference between internal, external and backend APIs, learn what API technology is right for your products and services, how to understand and manage the underlying performance implications and media transmissions, API security, and what you need to know about API compatibility and versions.
  • API Testing Methodology Recorded: Sep 30 2021 56 mins
    Dr. Katie Paxton-Fear
    So we know the basics of API hacking; now it's time to go deeper. In this webinar we'll move from beginner introductions to a checklist that you can follow when you conduct API testing. In addition, we'll also start to talk about API tools and what tools hackers use to test APIs from the outside. This webinar will provide a checklist for those who are familiar with API testing already and just want to focus on actionable testing.
  • API Recon Explained Recorded: Sep 21 2021 42 mins
    Dr. Katie Paxton-Fear
    One of the biggest problems API hackers face is attack surface: while developers know the API endpoints, external testers do not. In this webinar, we'll discuss how you perform recon on an API in order to find new routes and parameters, exploring an API's attack surface from the outside, and some of the API tools available to help you do this.
  • API Hacking 101 Recorded: Sep 16 2021 55 mins
    Dr. Katie Paxton-Fear
    In this webinar, we will cover the basics of API security, but instead of being a defender, we're now attacking! We'll cover the basics of API hacking including what APIs are, the API security top 10, and how you can test for vulnerabilities in your APIs, including a demo showing these techniques not just in theory but also in practice! API hacking is a great place to get started with API security and hacking in general.
  • Observability should be in culture! Recorded: Sep 16 2021 33 mins
    Jayesh Bapu Ahire - Hypertrace | Aravind Putrevu - Elastic
    Observability as a notion evolved a lot over the past few years. What many organizations getting started with Observability sometimes don’t understand is you can’t just build systems and later on spend time in making them “Observable”. While building modern organizations, we should consider Observability as a part of development culture itself. In this podcast, Aravind and Jayesh will be talking about what are interesting use-cases people are solving with Observability and how Observability should be the part of culture itself!

    Speaker bio:
    Aravind (@aravindputrevu) is passionate about evangelizing technology, meeting developers and helping to solve their problems. He is a backend developer and has seven years of development experience. Currently Aravind works at Elastic as Developer Advocate and looks after the Developer Relation function of India. Previously, he worked at McAfee Antivirus as a Sr. Software Engineer in Cloud Security Domain. He has a deep interest in Search, Machine Learning, Security Incident Analysis and IoT tech. In his free time, he plays around with a Raspi or an Arduino.

    Aravind also has a newsletter you should definitely subscribe to here.

    Jayesh Ahire (@Jayesh_Ahire1) is Founding Engineer/ Product Manager at Traceable AI where he primarily works on Hypertrace. Jayesh is the first AWS ML Hero in India, and youngest one to receive the title to date. He is the organizer of AWS UG, Elastic UG, TensorFlow UG and Microsoft AI community and many other communities in India. His research interest involved Distributed neural computer and DeFi. He is also one of the few Twilio Champions and MVB at Dzone.

    For more information on Observability and Open Source Distributed Tracing, visit: https://www.hypertrace.org
    For information on API Security and how to understand, and improve, the security posture of your applications and APIs, visit: https://traceable.ai
  • What AI can do for API Security Recorded: Sep 14 2021 61 mins
    Ravindra Guntur, Ranaji Krishna
    Using Machine Learning for Cloud-Native Application Security
    Join security and DevOps experts, Ravi Guntur and Ranaji Krishna, as they discuss how Traceable AI uses machine learning for cloud-native application security.

    In this live session we will cover goals for Traceable AI:

    - High-level picture of where TraceAI sits with respect to the Traceable platform
    - Representing the attack surface from an ML point of view
    - Metric anomaly detection
    - API call patterns, distributions and rates
    - User behavior and anomaly detection
    - Get hints for what we will do in the future: Trust-Risk-Plausibility
  • Introduction to the API Security Landscape Recorded: Sep 9 2021 34 mins
    Inon Shkedy
    The rapid rise of cloud-native applications, microservices, and mobile/IoT has led to the widespread use of APIs as the glue between all the components that make up the applications. These APIs are designed to share data and execution between services, which also makes them great attack vectors, as they have access to user data, execute business logic, are fairly transparent, and are widespread.

    Join Inon Shkedy, Traceable AI's Head of Security Research, as he introduces the new API security landscape and answers such questions as:

    - How do APIs work?
    - Why are APIs so vulnerable?
    - Why are they so interesting to bad actors?
    - What API vulnerabilities should I watch out for?
  • Why API Security Is A Killer Use Case For ML and AI Recorded: Sep 2 2021 47 mins
    Ravi Guntur and Dana Gardner
    API security is an incredibly challenging domain where enormous amounts of data often hide bad actors and hackers who are on the attack. While machine learning (ML) and artificial intelligence (AI) for IT security are not new, API security can clearly benefit from well designed and implemented ML/AI models. Given the reality that digital businesses are constantly expanding the universe of interdependent APIs, solving API security is critical.

    Please join us as Dana Gardner, Principal Analyst at Interarbor Solutions, and Ravi Guntur, Head of ML and AI at Traceable AI, discuss how ML and AI are the next best security solution for APIs, making them secure and more resilient than ever across their life cycles and ecosystems.
  • Security Observability Recorded: Aug 31 2021 62 mins
    Sanjay Nagaraj (CTO @ Traceable AI), Jason Lam (SANS Certified Instructor) and Dan Gordon (Product Evangelist @ Traceable AI)
    With the advent of modern applications based on APIs and microservices, a whole new attack surface and range of threats has evolved, as defined in the OWASP API top 10 project. This webinar will focus on the specific new threats our applications are facing and outline specific tasks and steps security professionals can take to improve awareness and reduce the business exposure to API-based threats and attacks.
  • How to start API security w/o a budget - w/ Security Leader commentary and Q&A Recorded: Aug 24 2021 106 mins
    Jyoti Bansal, Sanjay Nagaraj and Ashish Kuthiala
    Traceable AI: The Industry's 1st Free API Security Solution

    Traceable AI delivers security for complex, interconnected, and dynamic applications. Bridging across Dev, Sec, and Ops, Traceable AI provides robust API visibility in order for application teams to uncover and close vulnerabilities.

    Committed to improving application security everywhere, Traceable AI is now available in a series of tiered offerings with Free, Team, and Enterprise tiers.

    - Announcement
    - Demo
    - CSO and security leaders + industry experts commentary and Q&A
  • Observing is Not Debugging Recorded: Aug 6 2021 28 mins
    Jayesh Bapu Ahire - Hypertrace | Kislay Verma - Cure.fit
    Observability has different meanings in different contexts and every once in a while, you come across some definition or some perspective which you feel is interesting. Kislay has an interesting perspective on Observability, and in this episode of talkin' Observability, we will discuss with Kislay why he feels “Observing is not debugging” and also understand his views on event-driven Observability.
  • Telemetry for Observability Recorded: Jul 21 2021 30 mins
    Pavol Loffay, Sr. Software Engineer at Red Hat
    Observability, for applications, is the design and delivery of data from telemetry signals to provide the ability to infer and discover how the applications (and subsequently, their infrastructure) are behaving. Collecting this telemetry data is one of the most important things when it comes to Observability. In this episode of talkin’ Observability, we will be talking with Pavol Loffay, who is one of the creators of the Hypertrace Java Agent and has worked significantly on projects like OpenTelemetry, Jaeger, and Hypertrace, about telemetry data collection and the OpenTelemetry project, and hear his advice for people who are getting started with Observability.
  • Mobile API testing Recorded: Jul 20 2021 59 mins
    Dr. Katie Paxton-Fear
    Mobile apps have some of the biggest API attack surfaces out there, and very few hackers are looking at them! This can often mean that malicious actors have the upper hand. In this webinar, we will cover the basics of mobile API testing on Android using an emulator, the key issues in mobile API testing and how to get started hacking mobile APIs.
  • Service mesh observability Recorded: Jul 13 2021 31 mins
    Wu Sheng
    Service mesh is a way to control how different parts of an application share data with one another. Unlike other systems for managing this communication, a service mesh is a dedicated infrastructure layer built right into an app. Most of the time it acts as a tool for adding observability, security, and reliability features to applications by inserting these features at the platform layer rather than the application layer.
    Service mesh provides us a lot of out of the box capabilities like service discovery and resilience but at the same time it can also help with Observability. Observability helps us to continuously monitor the state of the application and determine what’s going on in the guts of our application, or help us detect when something goes wrong with the application. Service mesh supports collection of telemetry data especially metrics, traces and logs which are pillars of Observability and it can also collect additional important metrics.
    In this episode, we will discuss how service mesh Observability works and what is the future of it with Wu Sheng who has been working on service mesh for quite a long time. We will also understand challenges and give some pointers for people who are getting started with service mesh Observability.

    About Speaker:
    Wu Sheng is a founding engineer at tetrate.io, leads the observability for service mesh and hybrid cloud. A searcher, evangelist, and developer in observability, distributed tracing, and APM. He is a member of the Apache Software Foundation. Love open source software and culture. Created the Apache SkyWalking project and is its VP and PMC member. Co-founder and PMC member of Apache ShardingSphere. Also as a PMC member of Apache Incubator and APISIX. He is awarded as Microsoft MVP, Alibaba Cloud MVP, Tencent Cloud TVP.
  • All about your side cars - NGINX & Traceable Recorded: Jul 13 2021 68 mins
    Sudeep Padiyar, Damian Curry
    Join this webinar to learn how NGINX and Traceable can help you seamlessly deploy resilient and secure apps in Kubernetes. NGINX Ingress Controller provides load balancers with automated configuration to ensure that your Kubernetes applications are delivered reliably at high velocity. Traceable’s NGINX plugin extends those capabilities to add API Discovery and risk management, protection for all your microservices and APIs deployed in your K8s clusters.
  • Tracing: A foundation of modern Observability? Recorded: Jun 10 2021 26 mins
    José Carlos Chavez
    Distributed Tracing, which is getting a lot of mindshare in the last few years, is now becoming the new foundation of DevOps. Unlike traditional Application Performance Monitoring (APM), Distributed Tracing is intended to address the observability challenges and use-cases in the new microservices world. It is particularly well-suited to debugging and monitoring modern distributed software architectures, such as microservices. It helps pinpoint or isolate where failures occur and what causes sub-optimal performance.
    In this discussion, Jose Carlos will talk about how distributed tracing provides the context which metrics and logs don’t and what are different interesting use-cases he came across and challenges he faced while working on tracing in the past few years.

    Speaker bio:
    José Carlos 'JC' Chávez (@jcchavezs) is a Sr. Software Engineer at Traceable.ai where he works on Zipkin, Hypertrace & OpenTelemetry, and all things tracing! Prior to Traceable, JC worked at Expedia where he contributed to Zipkin and Haystack
  • Continuous Delivery and Application Security - The Future Recorded: May 26 2021 49 mins
    Jyoti Bansal, Anoop Kartha
    In this webinar, Jyoti Bansal, CEO and Founder, Traceable.AI and Harness.io, explains how the new technologies of micro services, APIs, and cloud-native architectures have created new attack surfaces and potential vulnerabilities, and the things we are doing to help close the gaps.

    What we'll cover:
    - The new security challenges we’re all facing
    - How Traceable uniquely helps secure modern apps
    - How Traceable will enhance CI/CD with shift-left, shield right security
    - Demo of the product
    - Interactive Q&A with Jyoti
  • Observability: Present & Future Recorded: Apr 28 2021 55 mins
    Jayesh Ahire, Sanjay Nagaraj, Jonah Kowall, Janakiram Msv, Wu Sheng
    Observability plays an important role in a world full of modern cloud-native applications. It helps us to understand complex architectures, the root cause of the problems, and performance issues easily. Observability has a diverse community of open source and enterprise solutions and every solution has something better to offer on its own. In this Panel discussion, we will understand our panelists' visions around observability and discuss the challenges that lie ahead. We will also hear some interesting use-cases and ways companies are trying to utilize observability to detect problems in their tech stack.
    - Sanjay Nagaraj, CTO, Traceable AI (https://twitter.com/SanjayNSF)
    - Jonah Kowall, CTO of Logz.io (https://twitter.com/jkowall)
    - Janakiram MSV, Principal Analyst, Janakiram & Associates (https://twitter.com/janakiramm)
    - Wu Sheng, Founder of Skywalking | Founding engineer, Tetrate | BOD, Apache foundation (https://twitter.com/wusheng1108)
Traceable - Visibility, Protection, Analytics
Traceable enables security to keep up with engineering and the continuous pace of change and protect modern applications from modern threats. Traceable applies the power of machine learning and distributed tracing to understand the DNA of your APIs, how they are changing, and where there are anomalies in order to detect and block threats, making businesses more secure and resilient.

  • Title: API Recon Explained
  • Live at: Sep 21 2021 3:00 pm
  • Presented by: Dr. Katie Paxton-Fear