Dr. Tal Steinherz, Co-Founder & CTO
Syber.ai
Novel approaches in API security
Today’s speaker
• Former CTO, Israel National Cyber Directorate
• Former head of Cyber R&D division in the Prime Minister’s office
• A record of delivering groundbreaking innovations
• PhD in machine learning
Dr. Tal Steinherz, CTO
API Protection is a Major Issue
We live in an API Economy. Everyone needs API protection
“By 2022, 50% of web attacks will be through APIs”
Gartner
“There is an 83% to 17% split between API and HTML traffic on our secure content delivery network”
Akamai, Feb ‘19
“The size of the API economy was $2.2 Trillion in 2018”
Ovum
APIs present: Insecurity by Design
What makes APIs so vulnerable?
• Open architecture
• Agile development cycles
• Many stakeholders
• Uncontrolled users
Companies face many API-related concerns
• Are there APIs that the organization is not aware of?
• Is there personal information that is leaking?
• Are we compliant with regulations? (HIPAA, Open Banking)
• Who is using our APIs?
• Is the usage authorized and reasonable?
Confidential
What does good API protection include?
• Hacking: malicious actors attacking the APIs
• Abuse: customers with valid credentials that are abusing their privileges. A revenue assurance risk
• Data Leaks: misconfiguration leading to personal information leaks. A regulatory concern.
What Is Required?
Specific requirements
• Agentless
• Hybrid (on-prem and in the cloud)
• Transparent (no performance penalties)
• For some customers: compliant with (privacy) regulations
• Adjustable (to business logic)
General requirements
• API discovery
• Anomaly detection
• Investigation
• Remediation
How Should One Protect APIs?
The Spectrum of API Security Solutions
[Figure: solutions placed on a spectrum from Development to Production. Labels: RASP, API collaboration tools, OpenAPI validation, API BAS, WAF, Anti-bot, API GW, Network-based API monitoring, API Agents]
RASP = Runtime Application Self Protection
BAS = Breach and Attack Simulation
Goal: design, document and perform development testing of APIs
Goal: protect organizations against malicious API attacks, API data leaks and API abuses
A novel approach: Deep Message Inspection
• Content (payload) inspection
• Multi-level profiling for every interaction between any user and any endpoint
• PII detection and association
• Time series and correlation
The importance of Deep Message Inspection
• Discovers APIs and builds an API catalog
• Detects leaking personal information
• Offers vertical-specific intelligence: Open Banking, HIPAA
• Cross-correlates multiple profiles to reduce false alerts
• Detects APIs that deviate from their Swagger/GraphQL definitions
• Captures API sessions of interest for deeper inspection and analysis
Extracting valuable information
APIs carry a lot of repetitive data. Identifying the unique information allows us to:
• Detect anomalies
• Dramatically reduce the storage required to store significant transaction history
Example: Banking API
Endpoint identifier: DF56KR
User ID: 5934023
• Normal: Account number 891 5533 4567, $15,430
• Someone else’s data: Account number 891 5577 1234, $79,023
• Data leak: Account number 891 5533 4567, $15,430; Credit rating 640
• Potential attack: Account number 891 5533 4567, $15,430; Account number 891 5533 4568, $4,699; Account number 891 5533 4569, $1,700
Contact Information
https://www.linkedin.com/in/talsteinherz/
Tal@syber.ai
https://syber.ai/
The importance of profiling on multiple dimensions
The benefits of multi-dimensional profiling
• Profiling in multiple dimensions helps discover the full range of threats
• Cross-correlating these dimensions dramatically reduces false alarms
What we profile
• Call: a single API request/response pair
• Session: a set of consecutive API calls with the same credentials
• User: a history of sessions for each user
• IP: aggregated calls from the same IP address over time
• API: all calls to the same API endpoint
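The four cases on the banking slide, classified with a user profile and an API profile from the list above. This is an added example, not code from the deck or from Syber.ai; the JSON field names, the two extra user IDs, the learning traffic and the rule used for "potential attack" are assumptions.

```python
from collections import defaultdict

ENDPOINT, USER = "DF56KR", "5934023"  # identifiers shown on the slide


def acct(number, balance, **extra):
    """Build one response record. Field names are assumed, not from the deck."""
    return {"account_number": number, "balance": balance, **extra}


# Constructed learning traffic: (endpoint, user, records in the response body).
BASELINE = [
    (ENDPOINT, USER, [acct("891 5533 4567", 15430)]),
    (ENDPOINT, "7001122", [acct("891 5577 1234", 79023)]),  # hypothetical user
    (ENDPOINT, "8100001", [acct("891 6000 0001", 120)]),    # hypothetical user
    (ENDPOINT, "8100001", [acct("891 6000 0002", 950)]),
]


class Profiles:
    """Two of the deck's profiling dimensions: API (endpoint) and User."""

    def __init__(self):
        self.api_fields = defaultdict(set)        # fields an endpoint returns
        self.api_max_records = defaultdict(int)   # most records seen per response
        self.user_accounts = defaultdict(set)     # accounts a user has received

    def learn(self, endpoint, user, records):
        for rec in records:
            self.api_fields[endpoint].update(rec.keys())
            self.user_accounts[user].add(rec["account_number"])
        self.api_max_records[endpoint] = max(
            self.api_max_records[endpoint], len(records)
        )

    def classify(self, endpoint, user, records):
        """Label one response payload with the slide's four categories."""
        returned = {r["account_number"] for r in records}
        unknown = returned - self.user_accounts[user]
        fields = set().union(*(r.keys() for r in records))
        extra_fields = fields - self.api_fields[endpoint]
        oversized = len(records) > self.api_max_records[endpoint]

        # Cross-correlation: an unusually large response is only escalated
        # when the user dimension deviates too (accounts never seen for them).
        if oversized and unknown:
            return "potential attack"
        if extra_fields:
            return "data leak"            # e.g. an unexpected credit_rating
        if unknown:
            return "someone else's data"
        return "normal"


def build_profiles(baseline=BASELINE):
    profiles = Profiles()
    for endpoint, user, records in baseline:
        profiles.learn(endpoint, user, records)
    return profiles


def run_demo():
    """Classify the slide's four responses; returns {expected: actual}."""
    profiles = build_profiles()
    cases = {
        "normal": [acct("891 5533 4567", 15430)],
        "someone else's data": [acct("891 5577 1234", 79023)],
        "data leak": [acct("891 5533 4567", 15430, credit_rating=640)],
        "potential attack": [
            acct("891 5533 4567", 15430),
            acct("891 5533 4568", 4699),
            acct("891 5533 4569", 1700),
        ],
    }
    return {
        expected: profiles.classify(ENDPOINT, USER, records)
        for expected, records in cases.items()
    }


def oversized_but_owned():
    """Larger-than-usual response containing only the caller's own accounts."""
    profiles = build_profiles()
    records = [acct("891 6000 0001", 120), acct("891 6000 0002", 950)]
    return profiles.classify(ENDPOINT, "8100001", records)


if __name__ == "__main__":
    for expected, actual in run_demo().items():
        print(f"{expected:22} -> {actual}")
    print("oversized but owned    ->", oversized_but_owned())
```

The last case shows the cross-correlation point: the API profile alone would flag the two-record response, but the user profile shows both accounts belong to the caller, so no alert is raised.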
The Importance of flexible deployment models
As an API Proxy
• Instant deployment
• Useful for 3rd party cloud-to-cloud (e.g. Teams to Hubspot, Salesforce to Marketo)
• Can filter traffic
As an API Sniffer
• Receive a copy of the API Traffic
• Supports cloud and on-prem deployments
• Agentless
• No impact on API reliability
• No impact on API performance
The API protection problem is nearing an inflection point
• Regulations: privacy regulations mandate securing the APIs
• Remote access: fewer in-person transactions. More remote work
• CISOs understand: existing security solutions don’t work for APIs
• Open banking: regulators forcing banks to open their API
• Hackers notice: APIs are the next frontier in cybercrime
Typical on-premise deployment
[Diagram labels: Clients, API Calls, Load Balancer & SSL Terminator, Tap, API Sniffer, API Servers]
Best Practices
• Agentless
• Not in-line
• Vendor-agnostic
It is important to understand the specific API issues of each business process
• Generic API issues
• API issues specific to Open Banking
• API issues specific to Health applications
• API issues specific to Insurance
Supporting cloud AND on-prem deployments
On-prem is important because
• Many organizations still have most of their APIs on-prem. Thus, cloud-only solutions are not sufficient
• GDPR and other regulations are causing some companies to remain on-prem
• Cloud bills are causing some organizations to return to on-prem
• On-prem installations have greater risk of misconfigurations and risk
Cloud is important because
• New-economy companies are cloud-centric
• Many established organizations are moving to the cloud
We live in an API Economy. Everyone needs API security
“By 2022, 50% of web attacks will be through APIs”
Gartner
“There is an 83% to 17% split between API and HTML traffic on our secure content delivery network”
Akamai, Feb ‘19

apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Steinherz, Syber.ai

 
apidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wise
apidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wiseapidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wise
apidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wise
 
apidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Ventures
apidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Venturesapidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Ventures
apidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Ventures
 
apidays Singapore 2023 - Digitalising agreements with data, design & technolo...
apidays Singapore 2023 - Digitalising agreements with data, design & technolo...apidays Singapore 2023 - Digitalising agreements with data, design & technolo...
apidays Singapore 2023 - Digitalising agreements with data, design & technolo...
 
apidays Singapore 2023 - Building a digital-first investment management model...
apidays Singapore 2023 - Building a digital-first investment management model...apidays Singapore 2023 - Building a digital-first investment management model...
apidays Singapore 2023 - Building a digital-first investment management model...
 
apidays Singapore 2023 - Changing the culture of building software, Aman Dham...
apidays Singapore 2023 - Changing the culture of building software, Aman Dham...apidays Singapore 2023 - Changing the culture of building software, Aman Dham...
apidays Singapore 2023 - Changing the culture of building software, Aman Dham...
 
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
 
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBMapidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
 
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
 
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartnerapidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
 
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
 
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
 
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IOApidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
 
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
 
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
 
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
 
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
 
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
 
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
 

Último

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Último (20)

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Steinherz, Syber.ai

  • 1. Dr. Tal Steinherz, Co-Founder & CTO Syber.ai Novel approaches in API security
  • 2. Today’s speaker: Dr. Tal Steinherz, CTO
      • Former CTO, Israel National Cyber Directorate
      • Former head of Cyber R&D division in the Prime Minister’s office
      • A record of delivering groundbreaking innovations
      • PhD in machine learning
  • 3. API Protection is a Major Issue
  • 4. We live in an API Economy. Everyone needs API protection
      • “By 2022, 50% of web attacks will be through APIs” (Gartner)
      • “There is an 83% to 17% split between API and HTML traffic on our secure content delivery network” (Akamai, Feb ‘19)
      • “The size of the API economy was $2.2 Trillion in 2018” (Ovum)
  • 6. What makes APIs so vulnerable?
      • Open architecture
      • Agile development cycles
      • Many stakeholders
      • Uncontrolled users
  • 7. Companies face many API-related concerns
      • Are there APIs that the organization is not aware of?
      • Is there personal information that is leaking?
      • Are we compliant with regulations? (HIPAA, Open Banking)
      • Who is using our APIs?
      • Is the usage authorized and reasonable?
  • 8. Confidential. What does good API protection include?
      • Hacking: malicious actors attacking the APIs
      • Abuse: customers with valid credentials that are abusing their privileges. A revenue assurance risk.
      • Data Leaks: misconfiguration leading to personal information leaks. A regulatory concern.
  • 10. What is required?
      • General requirements: API discovery; anomaly detection; investigation; remediation
      • Specific requirements: agentless; hybrid (on-prem and in the cloud); transparent (no performance penalties); for some customers, compliant with (privacy) regulations; adjustable (to business logic)
  • 11. How Should One Protect APIs?
  • 12. The Spectrum of API Security Solutions (from Development to Production)
      • Solutions shown: RASP, API collaboration tools, OpenAPI validation, API BAS, WAF, Anti-bot, API GW, Network-based API monitoring, API Agents
      • RASP = Runtime Application Self Protection; BAS = Breach and Attack Simulation
      • Goal (development): design, document and perform development testing of APIs
      • Goal (production): protect organizations against malicious API attacks, API data leaks and API abuses
  • 13. A novel approach: Deep Message Inspection
  • 14.
      • Content (payload) inspection
      • Multi-level profiling for every interaction between any user and any endpoint
      • PII detection and association
      • Time series and correlation
  • 15. The importance of Deep Message Inspection
      • Discovers APIs and builds an API catalog
      • Detects leaking personal information
      • Offers vertical-specific intelligence: Open Banking, HIPAA
      • Cross-correlates multiple profiles to reduce false alerts
      • Detects APIs that deviate from their Swagger/GraphQL definitions
      • Captures API sessions of interest for deeper inspection and analysis
  • 16. Extracting valuable information. APIs carry a lot of repetitive data. Identifying the unique information allows us to:
      • Detect anomalies
      • Dramatically reduce the storage required to store significant transaction history
  • 17. Example: Banking API (Endpoint identifier DF56KR, User ID 5934023)
      • Normal: Account number 891 5533 4567, $15,430
      • Someone else’s data: Account number 891 5577 1234, $79,023
      • Data leak: Account number 891 5533 4567, $15,430; Credit rating 640
      • Potential attack: Account number 891 5533 4567, $15,430; Account number 891 5533 4568, $4,699; Account number 891 5533 4569, $1,700
  • 19. The importance of profiling on multiple dimensions
      • The benefits of multi-dimensional profiling:
          • Profiling in multiple dimensions helps discover the full range of threats
          • Cross-correlating these dimensions dramatically reduces false alarms
      • What we profile:
          • Call: a single API request/response pair
          • Session: a set of consecutive API calls with the same credentials
          • User: a history of sessions for each user
          • IP: aggregated calls from the same IP address over time
          • API: all calls to the same API endpoint
  • 20. The importance of flexible deployment models
      • As an API Proxy:
          • Instant deployment
          • Useful for 3rd party cloud-to-cloud (e.g. Teams to Hubspot, Salesforce to Marketo)
          • Can filter traffic
      • As an API Sniffer:
          • Receive a copy of the API traffic
          • Supports cloud and on-prem deployments
          • Agentless
          • No impact on API reliability
          • No impact on API performance
  • 21. The API protection problem is nearing an inflection point
      • Regulations: privacy regulations mandate securing the APIs
      • Remote access: fewer in-person transactions, more remote work
      • CISOs understand: existing security solutions don’t work for APIs
      • Open banking: regulators forcing banks to open their API
      • Hackers notice: APIs are the next frontier in cybercrime
  • 22. Typical on-premise deployment
      • Components shown: Clients, API Calls, Load Balancer & SSL Terminator, Tap, API Sniffer, API Servers
      • Best practices: agentless; not in-line; vendor-agnostic
  • 23. It is important to understand the specific API issues of each business process
      • Generic API issues
      • API issues specific to Open Banking
      • API issues specific to Health applications
      • API issues specific to Insurance
  • 24. Supporting cloud AND on-prem deployments
      • On-prem is important because:
          • Many organizations still have most of their APIs on-prem. Thus, cloud-only solutions are not sufficient
          • GDPR and other regulations are causing some companies to remain on-prem
          • Cloud bills are causing some organizations to return to on-prem
          • On-prem installations have greater risk of misconfigurations and risk
      • Cloud is important because:
          • New-economy companies are cloud-centric
          • Many established organizations are moving to the cloud
  • 25. We live in an API Economy. Everyone needs API security
      • “By 2022, 50% of web attacks will be through APIs” (Gartner)
      • “There is an 83% to 17% split between API and HTML traffic on our secure content delivery network” (Akamai, Feb ‘19)
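
The banking example on slide 17, worked as call-level profiling in the sense of slides 16 and 19. This is an added example, not code from the talk or from Syber.ai: a baseline is learned per (endpoint, user) pair, and each new response is reduced to what is new relative to it. The field names, the baseline responses, the verdict order and all function names are assumptions; the account values are those shown on slide 17.

```python
from dataclasses import dataclass, field


@dataclass
class Profile:
    """Baseline of what one user normally receives from one endpoint."""
    fields: set = field(default_factory=set)    # field names seen so far
    accounts: set = field(default_factory=set)  # account numbers seen so far
    max_records: int = 0                        # largest record count seen

    def learn(self, records):
        for rec in records:
            self.fields.update(rec)             # iterating a dict yields its keys
            if "account_number" in rec:
                self.accounts.add(rec["account_number"])
        self.max_records = max(self.max_records, len(records))


def delta(profile, records):
    """Keep only what is new relative to the baseline (the 'unique information')."""
    seen_fields = {k for rec in records for k in rec}
    seen_accounts = {r["account_number"] for r in records if "account_number" in r}
    return {
        "new_fields": sorted(seen_fields - profile.fields),
        "new_accounts": sorted(seen_accounts - profile.accounts),
        "extra_records": max(0, len(records) - profile.max_records),
    }


def classify(profiles, endpoint, user, records):
    """Return (verdict, delta). The verdict order is an assumption of this example."""
    profile = profiles.get((endpoint, user))
    if profile is None or profile.max_records == 0:
        return "no baseline", {}                # do not alert on a pair never profiled
    d = delta(profile, records)
    if d["extra_records"] and d["new_accounts"]:
        verdict = "potential attack"            # more records than usual, unseen accounts
    elif d["new_fields"]:
        verdict = "data leak"                   # a field this endpoint never returned before
    elif d["new_accounts"]:
        verdict = "someone else's data"         # usual shape, but an unseen account
    else:
        verdict = "normal"
    return verdict, d


def acct(number, balance, **extra):
    return {"account_number": number, "balance": balance, **extra}


ENDPOINT, USER = "DF56KR", "5934023"            # identifiers from slide 17
# Constructed baseline: two earlier, normal responses for this user.
BASELINE = [[acct("891 5533 4567", 15430)], [acct("891 5533 4567", 15210)]]
# The four responses from slide 17, keyed by the label the slide gives them.
CASES = {
    "normal": [acct("891 5533 4567", 15430)],
    "someone else's data": [acct("891 5577 1234", 79023)],
    "data leak": [acct("891 5533 4567", 15430, credit_rating=640)],
    "potential attack": [acct("891 5533 4567", 15430),
                         acct("891 5533 4568", 4699),
                         acct("891 5533 4569", 1700)],
}


def run_demo():
    profiles = {(ENDPOINT, USER): Profile()}
    for records in BASELINE:
        profiles[(ENDPOINT, USER)].learn(records)
    return {name: classify(profiles, ENDPOINT, USER, recs)
            for name, recs in CASES.items()}


if __name__ == "__main__":
    for label, (verdict, d) in run_demo().items():
        print(f"{label:22} -> {verdict:22} {d}")
```

Only the delta needs to be stored per call, which is the storage reduction slide 16 refers to; session, user and IP profiles would aggregate these call-level deltas.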