Isabelle Mauny, CTO & Co-Founder, 42Crunch
During this practical webinar, you will learn:
1. Why TLS and OAuth2 are not enough to secure your APIs
API security covers a much wider spectrum, and even if you are using OAuth today, you may not be using it in a way that matches the risk taken when exposing Open Banking APIs. What about protection against API attacks? PKCE? Message confidentiality and integrity?
2. Why API security must be declared and not coded
Developers should not have to master security standards such as OAuth and OpenID Connect and try to implement them properly into their APIs. Instead, they should rely on proven, reliable policies approved by the bank’s security team and simply apply those policies on top of their APIs.
3. How declarative security helps with consistency and automation
42Crunch's innovative tagging mechanisms can be used by developers to express security constraints on top of their OpenAPI definitions (aka Swagger). Those tags are translated automatically, either via the UI or in the CI/CD pipeline, into policies that are applied to API requests/responses, making it possible to apply security as early as possible in the API lifecycle and find security vulnerabilities early.
4. How to enforce security in a scalable way using micro-firewalls
We will show how to deploy the 42Crunch API Firewall at runtime, whether on premises, in the cloud or in a hybrid environment, and how to monitor the system through real-time security dashboards.