Hi [[ session.user.profile.firstName ]]

How to Protect Cloud-Based APIs from Data Scrapers and Cloned Apps

If you are deploying APIs, even private ones, you are leaving your revenue stream open to exploitation. APIs are a window into your business and if there is a way to make a gain from abusing that API, someone will do it. Worse, thousands of people or thousands of bots may do it.

The art of keeping scripts and bots from abusing your APIs requires you to validate that the incoming traffic is coming from an authentic client. Merely authenticating users may not be appropriate or may not be enough. When the remote client is a mobile app and you know that mobile devices should not be trusted, achieving the authentication goal is easier said than done.

This session will explain how Racing Post launched a feature-rich API and a new native mobile app and managed to protect their valuable data from API scrapers and their brand reputation from cloned apps. We will cover their experiences with bots, their approach to the problem and how they solved it.

Whether you are a mobile or API developer, an enterprise system architect, or even a product owner with strong mobile revenue, you'll want to hear this story.
Recorded Apr 24 2019 46 mins
Your place is confirmed,
we'll send you email reminders
Presented by
David Stewart - Co-Founder, CriticalBlue and Stephen Gorton -Technical Architect, Racing Post
Presentation preview: How to Protect Cloud-Based APIs from Data Scrapers and Cloned Apps

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Achieving Data Agility in a DevSecOps World Dec 11 2019 11:00 am UTC 35 mins
    Sanjeev Sharma, VP and Global Practice Director for Data Modernization, Delphix
    As organizations mature on their DevOps adoption journey, adopting Continuous Integration and Continuous Delivery (CI/CD) automation, and breaking down organizational silos, application delivery and infrastructure provisioning speed is being accelerated. The next challenge now being exposed is the lack of agility in delivering Data into non-production environments.

    Development and Testing require the availability of relevant data in the production-like Dev and Test environments on demand, to ensure rapid testing and validation of each Build. Data is however difficult to provision and deliver on demand. This results in Data Friction being the impediment to true ‘flow’ through application delivery pipelines. Other than the inherent cost and time it takes to provision and store data instances, there is also the risk that exponentially increases as more and more instances of Data are provisioned in multiple non-production environments.

    As Dev-Test teams deliver faster and leverage more environments across parallel development streams, the number of non-production Data instances is typically several orders of magnitude higher than Production instances, increasing the exposed surface area. The ask hence is to be able to provision and deliver production-like Data instances, on-demand, as, when and where Dev-test practitioners need them in non-prod environments, while securing the Data at the same time.

    In this session Sanjeev Sharma, VP and Global Practice Director for Data Modernization will discuss practices large enterprises need to adopt, across Process, Technology and People in order to be able to Provision, Deploy, Manage, Govern, and Secure Data in Application Delivery Pipelines, addressing Data Friction and Data Security challenges that may be impeding DevSecOps adoption.
  • CCS [Ep.6]: Next-Generation Cybersecurity - Policy Process and Organization Oct 31 2019 3:00 pm UTC 60 mins
    Johna Till Johnson, CEO and Founder, Nemertes Research
    Cloud and Cybersecurity Series [Ep.6]: Next-Generation Cybersecurity: Policy Process and Organization

    Resources are finite. So deploying them wisely is what differentiates successful cybersecurity organizations from those that are less successful. Find out how these successful cybersecurity organizations are structured, what policies they have in place, and what strategies they do—and don’t—follow to protect their enterprise organizations.
  • Achieving Data Agility in a DevSecOps World Oct 24 2019 9:00 pm UTC 35 mins
    Sanjeev Sharma, VP and Global Practice Director for Data Modernization, Delphix
    As organizations mature on their DevOps adoption journey, adopting Continuous Integration and Continuous Delivery (CI/CD) automation, and breaking down organizational silos, application delivery and infrastructure provisioning speed is being accelerated. The next challenge now being exposed is the lack of agility in delivering Data into non-production environments.

    Development and Testing require the availability of relevant data in the production-like Dev and Test environments on demand, to ensure rapid testing and validation of each Build. Data is however difficult to provision and deliver on demand. This results in Data Friction being the impediment to true ‘flow’ through application delivery pipelines. Other than the inherent cost and time it takes to provision and store data instances, there is also the risk that exponentially increases as more and more instances of Data are provisioned in multiple non-production environments.

    As Dev-Test teams deliver faster and leverage more environments across parallel development streams, the number of non-production Data instances is typically several orders of magnitude higher than Production instances, increasing the exposed surface area. The ask hence is to be able to provision and deliver production-like Data instances, on-demand, as, when and where Dev-test practitioners need them in non-prod environments, while securing the Data at the same time.

    In this session Sanjeev Sharma, VP and Global Practice Director for Data Modernization will discuss practices large enterprises need to adopt, across Process, Technology and People in order to be able to Provision, Deploy, Manage, Govern, and Secure Data in Application Delivery Pipelines, addressing Data Friction and Data Security challenges that may be impeding DevSecOps adoption.
  • Introducing a Security Feedback Loop Oct 24 2019 8:00 pm UTC 30 mins
    Dan Garfield, Chief Technology Evangelist, Codefresh.io
    We’re all looking at ways to prevent vulnerabilities from escaping into our production environments. Why not require scans of your Docker images before they’re even uploaded to your production Docker registry? SHIFT LEFT!

    When your engineers get information about security vulnerabilities earlier, they're more efficient with fixes!

    Join Codefresh, as we demonstrate setting up vulnerability and compliance thresholds in a CI pipeline. We will show you how to give your teams access to your Docker images’ security reports & trace back to your report from your production Kubernetes cluster using Codefresh.
  • DevOps for Your Cloud Project - What’s Behind the Success of Cloud Adoption? Oct 24 2019 5:00 pm UTC 18 mins
    Alberta Bosco, Sr. Product Marketing Manager at Puppet
    The shift to the cloud is about breaking down traditional barriers and opening new lines of communication and collaboration to solve problems. If you have already implemented DevOps practices in your organisation you will find it much easier to transition to the cloud.

    Why? Because cloud transformation requires significant collaboration between different teams. Because cloud adoption is complex a diverse, cross-functional team with experience and perspectives from around the company, can help create a collaborative environment that enables success.

    In this talk you will learn:

    How to manage the cultural shift required for a successful cloud project;

    How to build cross-teams, establish processes, adopt new tools and define KPIs;

    How to identify areas for improvement, increase agility and efficiency.
  • [Panel] DevOps Adoption Challenges and How to Overcome Them Oct 24 2019 3:00 pm UTC 58 mins
    Brad Schick, Skytap | Daniel Breston, Virtual Clarity | Jeremy Brown, Red Hat EMEA
    To win with DevOps, you need to be aware of potential issues and know how to overcome the challenges so that you can make the most of its benefits.

    With the incredible growth of DevOps in a short space of time comes numerous questions about how best to adopt it. From insights and driving factors of adoption - to dealing with legacy systems and incorporating robust security features - join our panel of experts to hear advice and learnings from those at the forefront of DevOps adoption.

    Panelists:
    Brad Schick, CTO, Skytap
    Jeremy Brown, Director, Red Hat Open Innovation Labs - EMEA, Red Hat
    Daniel Breston, Technology Leadership Transformation Coach, Virtual Clarity
  • Agile Blind-spots: Angles to Keep at Sight for a True Agile Transformation Oct 24 2019 10:00 am UTC 45 mins
    Cristiane (Coca) Pitzer, Retail inMotion
    This Talk is based on real-life experience while leading Agile transformation in organisations.

    I will speak about what I have learned as well as some angles I almost missed, and that other Agile Coaches typically miss while identifying corporate problems.

    A practical session where I call out the blind spots and actual actions taken to course-correct.

    Presented by:
    Cristiane (Coca) Pitzer, Head of Agile & Agile Transformation, Retail inMotion
  • SHIFT LEFT THEN SHIFT UP: Strengthening Your DevSecOps Posture Oct 23 2019 8:00 pm UTC 46 mins
    Rani Osnat, VP of Product Marketing Aqua Security
    The concept of “shift left” engages security earlier in the development cycle of cloud-native applications, accelerating development while reducing risk. However, migrating to cloud-native environments also necessitates the security team to “shift up”, focusing on the application layer to account for the shared-service model and “thin OS” environments that are prevalent in these environments.

    Attend this webinar to learn why Shifting Up provides improved security and cost efficiency in cloud-native environments, including:

    - Kubernetes orchestrated applications
    - Containers running on VMs
    - Serverless containers (e.g., AWS Fargate and Azure Container Instances)
    - Serverless functions (e.g., AWS Lambda and Azure Functions)
  • CCS [Ep.5]: Application Security Meets Multicloud Oct 23 2019 5:00 pm UTC 60 mins
    John Burke, CIO and Principal Research Analyst, Nemertes Research
    Cloud and Cybersecurity Series [Ep.5]: Application Security Meets Multicloud

    Enterprises are developing and buying applications to run everywhere: across multiple clouds, multiple data centers, desktops, mobile devices, and IoT devices. In a multicloud environment, IT needs to take a multipronged approach to securing applications.

    We'll how organizations approach securing their applications for the multicloud, ranging from changes in the development process to the embrace of security technologies including IAMaaS, microservice authentication, and enterprise secure cloud access and policy enforcement (ESCAPE).

    This webinar presents data from Nemertes' in-depth research study of 335 organizations in 11 countries across a range of vertical industries.
  • 10 Attributes of Elite DevSecOps Programs Oct 23 2019 12:00 pm UTC 29 mins
    Derek Weeks, VP at Sonatype and Co-Founder of All Day DevOps
    We've spent six years studying secure coding practices of DevOps and Continuous Delivery organizations by surveying over 15,000 IT professionals. We've analyzed their staffing practices, educational priorities, automation choices, and process improvements that improve their cybersecurity preparedness. Our study has also uncovered details of where automation fails, awareness falls short and breaches happen.

    Come participate in this session where we will share the 10 habits practiced by the DevSecOps Elite that you can then apply to -- or further mature within -- your own organization. We will also uncover what our analysis revealed about securing CI/CD pipelines, including what popular Jenkins plug-ins are used for security.

    Learning objective:
    We've spent six years studying secure coding practices of DevOps and Continuous Delivery organizations. Learn the 10 habits practiced by the DevSecOps Elite -- including their approaches to training, process, and automation -- that you can apply to your own organization.
  • Common Security Misconfigurations and How Not to Get Hacked Oct 23 2019 8:00 am UTC 60 mins
    Michal Brygidyn, Cloud Solutions Architect | Security Researcher, PGS Software
    Michal Brygidyn, Cloud Solutions Architect and Security Researcher for PGS Software, will suggest helpful hints and tips on how Data Leaks occur and what your organisation can do to mitigate the risk. He'll also be discussing:

    - Black Hats – How They WILL Exploit You
    - Cloud Infrastructure Security: AWS Oriented Good Practices
    - How can these security issues be tackled

    Register for this session, listen in live and put your questions to Michal.
  • ICE [Ep.6]: Setting Budgets, Finding Stakeholders for AI-Enabled DCX Projects Oct 22 2019 3:00 pm UTC 60 mins
    Robin Gareiss, President and Founder, Nemertes Research
    Intelligent Customer Engagement Series [Ep.6]: Setting Budgets, Finding Stakeholders for AI-Enabled DCX Projects

    As IT and business leaders evaluate their how to use AI to improve customer experience, one of the biggest roadblocks is funding.

    This webinar provides step-by-step guidance on finding stakeholders to fund the projects, with specific data on how much companies are spending today on their AI-enabled initiatives.
  • ICE [Ep.5]: CX Success Stories Require Technology, Leadership, Data Recorded: Oct 9 2019 59 mins
    Robin Gareiss, President and Founder, Nemertes Research
    Intelligent Customer Engagement Series [Ep.5]: CX Success Stories Require Technology, Leadership, Data

    A great story requires more than a compelling narrative. Marketing teams can significantly elevate their success with the right combination of leadership, technology, and data derived from well-planned customer interviews.

    Crafting that perfect story requires an expanded mindset about what comprises “marketing.”

    In this webinar, join Nemertes Research President Robin Gareiss, who recently completed detailed research with 518 companies on how they use advanced technologies and reshape their organizational structure to improve customer experience. Based on this research and her experience as a journalist, marketing content developer, and CX advisor, she will cover:

    1. Organizational overhaul: Why a Chief Customer Officer is vital, and how the CMO and CCO work together for joint success.
    2. Technology leverage: What are the key technologies and contact-center initiatives that result in measurable CX success—ultimately delivering crucial data to marketing teams that support their success stories?
    3. The perfect story: How to conduct interviews that get real-world data to support your mission.
  • CCS [Ep.4]: Next-Generation Cybersecurity - Technology Foundations Recorded: Oct 1 2019 53 mins
    Johna Till Johnson, CEO and Founder, Nemertes Research
    Cloud and Cybersecurity Series [Ep.4] Next-Generation Cybersecurity - Technology Foundations

    The bad news? Threats evolve. Bad actors continue to improve their games.
    The good news? Cybersecurity technology is also evolving and improving. This webinar drills down into the emerging technologies that successful cybersecurity organizations are deploying to protect their firms. Find out what works, what's a waste of resources--and how to deploy the technologies that work.
  • ICE [Ep.4]: Analytics' Role in Improving DCX Recorded: Sep 26 2019 45 mins
    Robin Gareiss, President and Founder, Nemertes Research
    Intelligent Customer Engagement Series [Ep.4]: Analytics' Role in Improving DCX

    Information is king, and without both real-time and historical data, it's nearly impossible to deliver the experience customers are expecting.

    Analytics tools are providing incredible insight to companies about customer sentiment, agent performance, and predictive actions.

    In this webinar, learn how successful organizations are using analytics to drive more revenue, reduce costs, and improve the customer experience.
  • CCS [Ep. 3]: Succeeding in the Multicloud Recorded: Sep 24 2019 39 mins
    John Burke, CIO and Principal Research Analyst, Nemertes Research
    Cloud and Cybersecurity Series [Ep.3]: Succeeding in the Multicloud

    With most IT work being done in the cloud, what does it mean to be successful and what are the characteristics of highly successful cloud enterprises?

    We'll dig into the what it means to be successful in the cloud and what successful organizations do more of (and less of) than their less successful peers. We'll look across technologies adopted, organizational and operational practices, and vendors embraced.

    This webinar presents the highlights of Nemertes' in-depth research study of 335 organizations in 11 countries across a range of vertical industries. Later episodes will discuss security topics as well as focusing in on application development and security.
  • CCS [Ep.2]: Mastering Multicloud - Architectures, Organizations, Building Blocks Recorded: Sep 12 2019 57 mins
    John Burke, CIO and Principal Research Analyst, Nemertes Research
    Cloud and Cybersecurity Series [Ep. 2]: Mastering Multicloud - Architectures, Organizations, Building Blocks

    In 2019 the balance tipped, and for the first time the majority of enterprise IT workloads are running in the cloud, not in a data center.

    Enterprise IT staff need to stop thinking of cloud solutions as islands of function and special cases and begin to think of pulling it all together into a cohesive multicloud. We'll lay out the major categories of tools and systems and how they fit together, and at the organizational structures and operational practices needed to support multicloud operations.

    This webinar presents the highlights of Nemertes' in-depth research study of 335 organizations in 11 countries across a range of vertical industries. Later episodes will discuss cloud organizations and operational practices, and success metrics and best practices for cloud organizations.
  • ICE [Ep 3]: The Agent Experience - From Good to Great Recorded: Sep 10 2019 51 mins
    Robin Gareiss, President and Founder, Nemertes Research
    Intelligent Customer Engagement Series [Ep 3]: The Agent Experience - From Good to Great

    Although organizations are busy adding self-service channels, and AI-enabled chatbots or virtual agents to their customer engagement strategies, there is no replacement for the human touch.

    Successful companies are transforming the agent experience, delivering better coaching, more analytics, and improved compensation packages.

    Learn how you can leverage AI and analytics to reduce contact center agent turnover rates--and ultimately improve the customer experience.
  • CCS[Ep1]: Next-Generation Cybersecurity - Success Metrics, Best Practices & More Recorded: Sep 5 2019 59 mins
    Johna Till Johnson, CEO & Founder, Nemertes Research
    Cloud & Cybersecurity Series [Ep.1]: Success Metrics, Best Practices & More

    What does it take for enterprise cybersecurity teams to "up their games" to the next level of cybersecurity? What does it mean to be a "successful" cybersecurity organization, and what technologies and practices does it take to become one?

    This webinar presents the highlights of Nemertes' in-depth research study of 335 organizations in 11 countries across a range of vertical industries.

    We separated the best from the rest, and took an in-depth look into what made the most successful organizations that way. Participants will come away with best practices, tools, technologies, and organizational structures that contribute to success. Most importantly, they'll learn how to measure cybersecurity success--and their progress towards it.
  • Speed Matters in AppSec: How to Start Improving Your Fix Rate Recorded: Sep 3 2019 40 mins
    Pejman Pourmousa, Vice President, Services, Veracode and Amy DeMartine, Research Director, Forrester Research
    The most important function of an application security program is effectively fixing flaws once they’re discovered. But the speed of that fix rate matters — the time it takes for attackers to come up with exploits for newly discovered vulnerabilities is measured in days, and sometimes hours. Yet our most recent State of Software Security report found that one in four high and very high severity flaws aren’t addressed within 290 days of discovery.

    Improving your fix rate is critical, but the sheer volume of vulnerabilities present in most organizations’ application portfolios makes it necessary for them to make daily tradeoffs between security, practicality, and speed.

    This might seem like an insurmountable problem, but our data also presents hopeful glimpses at potential prioritization and software development methods that could help organizations reduce risk more quickly. In this session, we’ll share some steps and best practices that will start lowering your fix rate.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
Trends and insights for developing apps and maintaining service
The webcasts in this channel will highlight trends and best practices for the application development lifecycle as well as how to make sure your application maintain a steady level of service.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: How to Protect Cloud-Based APIs from Data Scrapers and Cloned Apps
  • Live at: Apr 24 2019 12:00 pm
  • Presented by: David Stewart - Co-Founder, CriticalBlue and Stephen Gorton -Technical Architect, Racing Post
  • From:
Your email has been sent.
or close