@Axway @SmartBear #APISecurity
Test & Protect Your API
Practical Tips to Achieve API Security Nirvana with Axway & Ready! API
The API Lifecycle – SmartBear approach
• Open source based and driven
• Integrated tools for Dev/Test across API lifecycle
• Extendable and easily integrated into API lifecycle workflow
• Data driven and automated
• Protocol and runtime independent
• Leverage and reuse assets across lifecycle
• Democratize advanced dev/test capabilities
About Axway
• Axway technology manages interactions between applications, people and communities.
• Security and integration across B2B (EDI, MFT, and APIs)
• Positioned as a leader in Gartner Magic Quadrants for “On-Premises Application Integration Suites” and for “Application Services Governance”
Webinar Attendee Statistics
How important is API Security to your organization?
• Not important at all: 3%
• Growing importance: 41%
• Very important: 56%
How much API Security testing do you do today?
• None: 23%
• Some: 65%
• Extensive: 12%
56% of attendees for this webinar responded that API security is “very important,” and yet only 12% are doing extensive security testing.
APIs – A soft underbelly for security?
• Security vulnerabilities related to APIs
• Enabling account information exposure (Snapchat)
IRS Data Breach
• Insecure API Access
And more security vulnerabilities…
Mobile App vulnerabilities are often API vulnerabilities in disguise…
• Insecure APIs are often the source of mobile app security issues
• Sniffers can detect insecure API calls
Source: http://www.troyhunt.com/2014/10/find-crazy-stuff-in-mobile-app.html
Beware Weak API Key Authentication
• Problem:
  • API Keys are often simply passed in URLs
    • &APIKey=123456
  • Vulnerable to sniffing and replay attacks
• Amazon uses two keys:
  • Secret Key ID to perform HMAC signing
    • With detection of replay attacks
  • Access Key ID to identify the client
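The two-key scheme the slide attributes to Amazon, worked through end to end as an added example (this is not code from the deck, from Axway or from SmartBear, and it does not reproduce any vendor's signing format). A public Access Key ID identifies the client; the Secret Key never travels and is used only to compute an HMAC over the request. The server rebuilds the same string, compares the MAC in constant time, and keeps a short-lived nonce store so that a captured request cannot be resent. The credential values, header names, canonical string layout and 300-second window are all assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed credentials for this example. The Access Key ID travels with every
# request and only identifies the client; the Secret Key never leaves the client
# and the server, and is used solely to compute the HMAC.
ACCESS_KEY_ID = "AKID-EXAMPLE-CLIENT"
SECRET_KEY = b"constructed-secret-key-for-the-example-only"
CREDENTIALS = {ACCESS_KEY_ID: SECRET_KEY}

MAX_CLOCK_SKEW = 300  # seconds a signed request stays acceptable (assumed window)


def canonical_string(method, path, query, timestamp, nonce):
    """The exact bytes both sides sign; any change to the request changes the MAC."""
    return "\n".join([method.upper(), path, query, str(timestamp), nonce])


def sign_request(access_key_id, secret_key, method, path, query, now=None):
    """Client side: produce the headers that authenticate one request."""
    timestamp = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)  # fresh per request, so no two requests sign the same string
    msg = canonical_string(method, path, query, timestamp, nonce).encode()
    signature = hmac.new(secret_key, msg, hashlib.sha256).hexdigest()
    return {"X-Access-Key-Id": access_key_id, "X-Timestamp": str(timestamp),
            "X-Nonce": nonce, "X-Signature": signature}


class Verifier:
    """Server side: recompute the MAC and refuse stale or repeated requests."""

    def __init__(self, credentials, max_skew=MAX_CLOCK_SKEW):
        self.credentials = credentials
        self.max_skew = max_skew
        self.seen_nonces = {}  # nonce -> timestamp of the request that used it

    def verify(self, method, path, query, headers, now=None):
        now = now if now is not None else time.time()
        secret = self.credentials.get(headers.get("X-Access-Key-Id", ""))
        if secret is None:
            return False, "unknown access key id"
        try:
            timestamp = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            presented = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed auth headers"
        if abs(now - timestamp) > self.max_skew:
            return False, "timestamp outside accepted window"
        # Nonces older than the window can no longer pass the timestamp check, so drop them.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= self.max_skew}
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        msg = canonical_string(method, path, query, timestamp, nonce).encode()
        expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, presented):
            return False, "bad signature"
        self.seen_nonces[nonce] = timestamp  # record only after the MAC checks out
        return True, "ok"


def demo():
    """Walk through the cases the slide describes; returns the four verdict strings."""
    verifier = Verifier(CREDENTIALS)
    path, query = "/account/balance", "accnt=123456789"
    headers = sign_request(ACCESS_KEY_ID, SECRET_KEY, "GET", path, query, now=1_000_000)
    _, first = verifier.verify("GET", path, query, headers, now=1_000_010)
    # The same headers sent again (what a sniffer would capture and resend) hit the nonce store.
    _, replay = verifier.verify("GET", path, query, headers, now=1_000_020)
    # A valid signature over one query does not authenticate a different query.
    fresh = sign_request(ACCESS_KEY_ID, SECRET_KEY, "GET", path, query, now=1_000_030)
    _, tampered = verifier.verify("GET", path, "accnt=1", fresh, now=1_000_030)
    # A capture presented after the window has closed fails on the timestamp alone.
    stale = sign_request(ACCESS_KEY_ID, SECRET_KEY, "GET", path, query, now=1_000_000)
    _, expired = verifier.verify("GET", path, query, stale, now=1_000_301)
    return first, replay, tampered, expired


if __name__ == "__main__":
    print(demo())
```

The contrast with `&APIKey=123456` is that nothing in these headers is reusable: the key that proves identity is never sent, the MAC is bound to the method, path, query and time, and the nonce makes each signature single-use. The nonce store only needs to remember entries for as long as the timestamp window, which keeps it bounded.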
The solution – API Management
• Configure API Keys
• Configure OAuth
Quota Management for APIs
• Managing usage quotas for APIs to prevent misuse or DoS
• Configure Quotas
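What a configured quota does at request time, as an added example (not Axway API Manager's implementation, whose quota policies are configured in the product's UI): each registered API key belongs to a tier, each tier allows a fixed number of calls per window, and calls over the limit are refused with a retry hint instead of reaching the backend. The tier names, limits, key values and the sliding-window algorithm are assumptions constructed for the example.

```python
from collections import deque

# Constructed quota tiers and key registrations for the example: limit is the
# number of calls allowed per window (seconds). In a real API Manager these come
# from the application's registration, not from a dict in the code.
TIERS = {"free": (3, 60), "partner": (100, 60)}
KEY_TIERS = {"key-free-app": "free", "key-partner-app": "partner"}


class QuotaEnforcer:
    """Sliding-window quota per API key: at most `limit` accepted calls in any `window` seconds."""

    def __init__(self, tiers, key_tiers):
        self.tiers = tiers
        self.key_tiers = key_tiers
        self.history = {}  # api_key -> deque of timestamps of accepted calls

    def allow(self, api_key, now):
        """Return (allowed, detail). Denied calls are not counted, so a client that keeps
        hammering after the limit does not push its own window further out."""
        tier = self.key_tiers.get(api_key)
        if tier is None:
            return False, "unknown api key"
        limit, window = self.tiers[tier]
        calls = self.history.setdefault(api_key, deque())
        while calls and now - calls[0] >= window:
            calls.popleft()  # this call has aged out of the window
        if len(calls) >= limit:
            retry_after = window - (now - calls[0])
            return False, f"quota exceeded, retry after {retry_after:.0f}s"
        calls.append(now)
        return True, f"{limit - len(calls)} remaining in window"


def simulate():
    """Replay a constructed sequence of (api_key, seconds) events through the enforcer."""
    enforcer = QuotaEnforcer(TIERS, KEY_TIERS)
    events = [("key-free-app", 0), ("key-free-app", 1), ("key-free-app", 2),
              ("key-free-app", 3),      # fourth call inside 60s: over the free tier
              ("key-partner-app", 3),   # another key's quota is unaffected
              ("no-such-key", 3),       # unregistered key never reaches the backend
              ("key-free-app", 60)]     # first call has aged out, so the window slides
    return [enforcer.allow(key, t) for key, t in events]


if __name__ == "__main__":
    for (key, t), verdict in zip(simulate.__code__.co_consts[1:2] and [], []):
        pass
    for verdict in simulate():
        print(verdict)
```

Two details matter for the DoS case the slide mentions: rejected calls are not recorded, so a flood past the limit costs the backend nothing beyond the check itself, and the per-key history is trimmed on every call, so memory stays proportional to the limit rather than to the traffic.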
The Role of the API Gateway
API Gateway – Security and more
• Protective Security
  • Content-Level Threats (XDoS, XXE, etc.)
  • WAF functionality (OWASP Top Ten, etc.)
  • Throttling
• Policy Decision and Enforcement Point
  • STS: Security Token Creation, Consumption, Mediation
  • Dynamic Authorization
  • Data Flow Introspection and Governance
• Integration (lightweight ESB)
  • Heterogeneous, Vendor Agnostic
  • Multiple Protocol and Standard Support
• Enterprise Architecture Intelligence and Protection
  • SSO Enablement
  • Architecture-wide auditing and risk analysis
Security provided by API Gateways
API Gateway protects against threats to Web Services / APIs including:
• Unauthorised Access
• Parameter Manipulation and Data Harvesting
• Network eavesdropping
• Disclosure of sensitive customer data
• Message replay
[Diagram: a Consumer reaching an API through a network Firewall, with the threats Unauthorised Access, Parameter Manipulation, Virus Insertion, Network Eavesdropping, Message Replay and Disclosure of customer data passing the firewall untouched. Caption: Standard network firewalls offer no protection against these threats.]
API Gateways in API Management
[Diagram: Client Applications call a REST API (SOAP/XML/REST/JSON) through the API Gateway, which performs Policy Enforcement in front of Services, Applications and Data; SOAP Web Services, POX, JMS and FTP are reached through integration with non-REST API services.]
• API Portal (Application Developers): Self-Service API consumption, build developer community, new channel to market brand; developers self-register to resources, browse and learn APIs, manage application credentials.
• API Manager (API Developers, API Administrators): API Registration & Lifecycle, API Catalog, Partner & Policy Administration; register and manage API lifecycle, perform partner, policy and process admin, monitor and report API use.
• API Gateway (Policy Developers): Policy Enforcement; create and extend policies, integrate with applications and infrastructure.
API Security testing: Why is it so important?
• API breaches can result in:
  • Stolen data
  • Server attacks
  • Spoofing
  • IoT device tampering
Thinking like a hacker
• We want to know as much as possible about an API’s endpoints, messages, parameters, behavior
• The more we know about the API’s surface – the better we can target our attack!
Looking for vulnerabilities in your API
• OWASP.ORG
• Identify the most likely “soft spots”
• Run all the scans but automate & repeat the most important ones
• Don’t neglect payload analysis
• Pay attention and respond quickly
Show Me How to Protect My API
Demo – Scenario
Bank Account API with
– One method for users to get the balance of one of their accounts
– Vulnerable to SQL Injection
User authentication out of scope
– Focus on the SQL Injection attack
Demo – Detecting API Threats
[Diagram: API vulnerable to SQL injections; definition imported prior to demo]
1. Normal request
GET http://<host>/account/balance?accnt=123456789 HTTP/1.1
  → SELECT balance FROM accountinfo WHERE account=123456789;
  → Returns the balance from account 123456789
2. Scanning
GET http://<host>/account/balance?accnt=1 OR 1=1 HTTP/1.1
  → SELECT balance FROM accountinfo WHERE account=1 OR 1=1;
  → Returns the balance from all accounts!
Demo – Protecting Against API Threats
[Diagram: API Manager and API Gateway (Threat Protection) placed in front of the API vulnerable to SQL injections, exposing it as a Protected API]
1. Normal request
GET http://<host>/account/balance?accnt=123456789 HTTP/1.1
  → SELECT balance FROM accountinfo WHERE account=123456789;
  → Returns the balance from account 123456789
2. Scanning
GET http://<host>/account/balance?accnt=1 OR 1=1 HTTP/1.1
  → Detected and Blocked by Axway API Gateway!
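The two demo slides, reproduced in runnable form as an added example (not the demo's actual code, and not how Axway API Gateway implements its threat protection). The backend builds the exact SQL the slides show by splicing `accnt` into the query text, which is why `1 OR 1=1` returns every balance; the protected path puts an input check in front of it, mirroring the gateway's "Detected and Blocked", and also binds the value as a parameter so the backend is safe even without the gateway. The account data, the digits-only validation rule and the request-line parser are assumptions constructed for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed sample data; the table and column names are the ones in the demo's SQL.
SAMPLE_ACCOUNTS = [(123456789, 2500.00), (987654321, 10.50), (555000111, 99999.99)]

# The two request lines from the demo slides.
NORMAL_REQUEST = "GET http://<host>/account/balance?accnt=123456789 HTTP/1.1"
INJECTED_REQUEST = "GET http://<host>/account/balance?accnt=1 OR 1=1 HTTP/1.1"

# Assumed validation rule for the gateway: an account number is 1 to 12 digits, nothing else.
ACCOUNT_RE = re.compile(r"[0-9]{1,12}")


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accountinfo (account INTEGER PRIMARY KEY, balance REAL)")
    conn.executemany("INSERT INTO accountinfo VALUES (?, ?)", SAMPLE_ACCOUNTS)
    return conn


def parse_request_line(request_line):
    """Split 'METHOD target HTTP/x.y'. The demo's target contains spaces, so split from both ends."""
    method, _, rest = request_line.partition(" ")
    target, _, version = rest.rpartition(" ")
    path, _, query = target.partition("?")
    return method, path, parse_qs(query, keep_blank_values=True), version


def get_balance_vulnerable(conn, accnt):
    """The demo's backend as described on the slides: the parameter is spliced into the SQL text."""
    sql = f"SELECT balance FROM accountinfo WHERE account={accnt};"
    return [row[0] for row in conn.execute(sql)]


def get_balance_parameterized(conn, accnt):
    """Hardened backend: the value travels as a bound parameter, never as SQL."""
    rows = conn.execute("SELECT balance FROM accountinfo WHERE account=?", (accnt,))
    return [row[0] for row in rows]


def handle(conn, request_line, gateway_protection):
    """Route one request. With protection on, accnt is validated before the backend runs."""
    _, _, params, _ = parse_request_line(request_line)
    accnt = params.get("accnt", [""])[0]
    if gateway_protection:
        if not ACCOUNT_RE.fullmatch(accnt):
            # Mirrors the slide's "Detected and Blocked": the request never reaches the backend.
            return {"status": 400, "balances": [], "blocked": True}
        return {"status": 200, "balances": get_balance_parameterized(conn, int(accnt)), "blocked": False}
    return {"status": 200, "balances": get_balance_vulnerable(conn, accnt), "blocked": False}


def demo():
    """Run both demo requests against the unprotected and the protected API."""
    conn = open_db()
    return {
        "unprotected_normal": handle(conn, NORMAL_REQUEST, gateway_protection=False),
        "unprotected_injected": handle(conn, INJECTED_REQUEST, gateway_protection=False),
        "protected_normal": handle(conn, NORMAL_REQUEST, gateway_protection=True),
        "protected_injected": handle(conn, INJECTED_REQUEST, gateway_protection=True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The gateway check and the parameterized query are deliberately both present: the gateway's allow-list on `accnt` is the "input validation, threat detection" takeaway from the closing slide and stops the request at the edge, while the bound parameter is the backend fix that removes the injection regardless of what sits in front of it. Relying on only one of the two leaves the API exposed whenever that layer is bypassed or misconfigured.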
Key Takeaways – Create APIs with Confidence
API Protection
• Put protection in place for your APIs
• Apply throttling, input validation, threat detection
• Block the full spectrum of attacks
API Testing
• OWASP.org is your friend
• Focus on most likely vulnerabilities first
• Build security testing into your dev plans
Try For Free

Standardising APIs: Powering the Platform Economy in Financial Services
 
Getting Started with API Standardization in SwaggerHub
Getting Started with API Standardization in SwaggerHubGetting Started with API Standardization in SwaggerHub
Getting Started with API Standardization in SwaggerHub
 
Adopting a Design-First Approach to API Development with SwaggerHub
Adopting a Design-First Approach to API Development with SwaggerHubAdopting a Design-First Approach to API Development with SwaggerHub
Adopting a Design-First Approach to API Development with SwaggerHub
 
Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...
Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...
Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...
 
Effective API Lifecycle Management
Effective API Lifecycle Management Effective API Lifecycle Management
Effective API Lifecycle Management
 
The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...
The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...
The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...
 
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
 
Artificial intelligence for faster and smarter software testing - Galway Mee...
Artificial intelligence for faster and smarter software testing  - Galway Mee...Artificial intelligence for faster and smarter software testing  - Galway Mee...
Artificial intelligence for faster and smarter software testing - Galway Mee...
 
Successfully Implementing BDD in an Agile World
Successfully Implementing BDD in an Agile WorldSuccessfully Implementing BDD in an Agile World
Successfully Implementing BDD in an Agile World
 
The Best Kept Secrets of Code Review | SmartBear Webinar
The Best Kept Secrets of Code Review | SmartBear WebinarThe Best Kept Secrets of Code Review | SmartBear Webinar
The Best Kept Secrets of Code Review | SmartBear Webinar
 
How Capital One Scaled API Design to Deliver New Products Faster
How Capital One Scaled API Design to Deliver New Products FasterHow Capital One Scaled API Design to Deliver New Products Faster
How Capital One Scaled API Design to Deliver New Products Faster
 
Testing Without a GUI Using TestComplete
 Testing Without a GUI Using TestComplete Testing Without a GUI Using TestComplete
Testing Without a GUI Using TestComplete
 
Hidden Treasure - TestComplete Script Extensions
Hidden Treasure - TestComplete Script ExtensionsHidden Treasure - TestComplete Script Extensions
Hidden Treasure - TestComplete Script Extensions
 
How Bdd Can Save Agile
 How Bdd Can Save Agile How Bdd Can Save Agile
How Bdd Can Save Agile
 
API Automation and TDD to Implement Master Data Survivorship Rules
API Automation and TDD to Implement Master Data Survivorship RulesAPI Automation and TDD to Implement Master Data Survivorship Rules
API Automation and TDD to Implement Master Data Survivorship Rules
 

Último

A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...OnePlan Solutions
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shardsChristopher Curtin
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slidesvaideheekore1
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesKrzysztofKkol1
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?Alexandre Beguel
 

Último (20)

A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?
 

Test and Protect Your API

  • 1. @Axway @SmartBear #APISecurity – Test & Protect Your API: Practical Tips to Achieve API Security Nirvana with Axway & Ready! API
  • 2. The API Lifecycle – SmartBear approach
     - Open source based and driven
     - Integrated tools for Dev/Test across the API lifecycle
     - Extendable and easily integrated into the API lifecycle workflow
     - Data driven and automated
     - Protocol and runtime independent
     - Leverage and reuse assets across the lifecycle
     - Democratize advanced dev/test capabilities
  • 3. About Axway
     - Axway technology manages interactions between applications, people and communities.
     - Security and integration across B2B (EDI, MFT, and APIs)
     - Positioned as a leader in Gartner Magic Quadrants for "On-Premises Application Integration Suites" and for "Application Services Governance"
  • 4. Webinar Attendee Statistics
     How important is API Security to your organization? Not important at all: 3%; Growing importance: 41%; Very important: 56%
     How much API Security testing do you do today? None: 23%; Some: 65%; Extensive: 12%
     56% of attendees for this webinar responded that API security is "very important," and yet only 12% are doing extensive security testing.
  • 5. APIs – A soft underbelly for security?
     - Security vulnerabilities related to APIs
     - Enabling account information exposure (Snapchat)
  • 6. IRS Data Breach – Insecure API Access
  • 7. And more security vulnerabilities…
  • 8. Mobile App vulnerabilities are often API vulnerabilities in disguise…
     - Insecure APIs are often the source of mobile app security issues
     - Sniffers can detect insecure API calls
     Source: http://www.troyhunt.com/2014/10/find-crazy-stuff-in-mobile-app.html
  • 9. Beware Weak API Key Authentication
     Problem:
     - API Keys are often simply passed in URLs, e.g. &APIKey=123456
     - Vulnerable to sniffing and replay attacks
     Amazon uses two keys:
     - Secret Key ID to perform HMAC signing, with detection of replay attacks
     - Access Key ID to identify the client
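The two-key pattern slide 9 attributes to Amazon, written out as an added example (not from the slides, Axway or SmartBear, and not Amazon's actual signing scheme): the secret key signs a canonical string that includes a timestamp and a nonce, while only the access key id travels with the request, so the verifier can reject a tampered, stale or replayed capture. The header names, the credential values and the 300-second window are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed credential store (access key id -> secret key). Real deployments
# keep the secret in a vault; the values here are made up for this example.
CREDENTIALS = {"AKIDEXAMPLE": b"constructed-secret-key-do-not-reuse"}

CLOCK_SKEW_SECONDS = 300  # how stale a signed request may be (assumed window)


def string_to_sign(method, path, access_key_id, timestamp, nonce):
    """Canonical string: every field the server relies on is covered by the MAC."""
    return "\n".join([method.upper(), path, access_key_id, str(timestamp), nonce])


def sign_request(method, path, access_key_id, secret_key, now=None, nonce=None):
    """Client side: the secret key signs the request and never goes on the wire;
    only the access key id travels, so it identifies the client without being a password."""
    timestamp = int(time.time() if now is None else now)
    nonce = nonce or secrets.token_hex(16)
    digest = hmac.new(secret_key,
                      string_to_sign(method, path, access_key_id, timestamp, nonce).encode(),
                      hashlib.sha256).hexdigest()
    return {"X-Access-Key-Id": access_key_id, "X-Timestamp": str(timestamp),
            "X-Nonce": nonce, "X-Signature": digest}


class SignatureVerifier:
    """Server/gateway side: recompute the MAC, bound the timestamp, and refuse a
    nonce that has already been accepted, which is what defeats a replayed capture."""

    def __init__(self, credentials, skew=CLOCK_SKEW_SECONDS):
        self.credentials = credentials
        self.skew = skew
        self.seen_nonces = {}  # nonce -> timestamp; only nonces still inside the window

    def verify(self, method, path, headers, now=None):
        now = int(time.time() if now is None else now)
        key_id = headers.get("X-Access-Key-Id", "")
        secret = self.credentials.get(key_id)
        if secret is None:
            return (False, "unknown access key id")
        try:
            ts = int(headers.get("X-Timestamp", ""))
        except ValueError:
            return (False, "bad timestamp")
        if abs(now - ts) > self.skew:
            return (False, "timestamp outside allowed window")
        nonce = headers.get("X-Nonce", "")
        if not nonce:
            return (False, "missing nonce")
        expected = hmac.new(secret,
                            string_to_sign(method, path, key_id, ts, nonce).encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time compare; check the MAC before touching the nonce cache so an
        # unauthenticated sender cannot fill it with garbage.
        if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
            return (False, "bad signature")
        self._expire(now)
        if nonce in self.seen_nonces:
            return (False, "replay detected")
        self.seen_nonces[nonce] = ts
        return (True, "ok")

    def _expire(self, now):
        """Drop nonces older than the window; their requests fail the time check anyway."""
        for n, ts in list(self.seen_nonces.items()):
            if now - ts > self.skew:
                del self.seen_nonces[n]
```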
  • 10. The solution – API Management: Configure API Keys; Configure OAuth
  • 11. Quota Management for APIs
     - Managing usage quotas for APIs to prevent misuse or DoS
     Configure Quotas
  • 12. The Role of the API Gateway
  • 13. API Gateway – Security and more
     - Protective Security
     - Content-Level Threats (XDoS, XXE, etc)
     - WAF functionality (OWASP Top Ten, etc)
     - Throttling
     - Policy Decision and Enforcement Point
     - STS: Security Token Creation, Consumption, Mediation
     - Dynamic Authorization
     - Data Flow Introspection and Governance
     - Integration (lightweight ESB)
     - Heterogeneous, Vendor Agnostic
     - Multiple Protocol and Standard Support
     - Enterprise Architecture Intelligence and Protection
     - SSO Enablement
     - Architecture-wide auditing and risk analysis
  • 14. Security provided by API Gateways
     API Gateway protects against threats to Web Services / APIs including:
     - Unauthorised Access
     - Parameter Manipulation and Data Harvesting
     - Network eavesdropping
     - Disclosure of sensitive customer data
     - Message replay
     [Diagram: threats between the Consumer and the API (Unauthorised Access, Parameter Manipulation, Virus Insertion, Network Eavesdropping, Message Replay, Disclosure of customer data) pass straight through the Firewall.] Standard network firewalls offer no protection against these threats.
  • 15. API Gateways in API Management
     [Architecture diagram: Client Applications (REST API; SOAP/XML/REST/JSON) -> API Gateway (Policy Enforcement) -> Services, Applications, Data (REST, SOAP Web Services, POX, JMS, FTP; integration with non-REST API services). API Manager: API Registration & Lifecycle, API Catalog, Partner & Policy Administration. API Portal: self-service API consumption, build developer community, new channel to market brand. Roles: Application Developers (self-register to resources, browse and learn APIs, manage application credentials); API Developers and API Administrators (register and manage API lifecycle, perform partner, policy and process admin, monitor and report API use); Policy Developers (create and extend policies, integrate with applications and infrastructure).]
  • 16. API Security testing: Why is it so important?
     API breaches can result in:
     - Stolen data
     - Server attacks
     - Spoofing
     - IoT device tampering
  • 17. Thinking like a hacker
     - We want to know as much as possible about an API's endpoints, messages, parameters, behavior
     - The more we know about the API's surface – the better we can target our attack!
  • 18. Looking for vulnerabilities in your API
     - OWASP.ORG
     - Identify the most likely "soft spots"
     - Run all the scans but automate & repeat the most important ones
     - Don't neglect payload analysis
     - Pay attention and respond quickly
  • 19. Show Me How to Protect My API
  • 20. Demo – Scenario
     Bank Account API with:
     - One method for users to get the balance of one of their accounts
     - Vulnerable to SQL Injection
     User authentication is out of scope – focus on the SQL Injection attack
  • 21. Demo – Detecting API Threats
     API vulnerable to SQL injection (definition imported prior to the demo)
     1. Normal request:
        GET http://<host>/account/balance?accnt=123456789 HTTP/1.1
        -> SELECT balance FROM accountinfo WHERE account=123456789;
        -> Returns the balance from account 123456789
     2. Scanning:
        GET http://<host>/account/balance?accnt=1 OR 1=1 HTTP/1.1
        -> SELECT balance FROM accountinfo WHERE account=1 OR 1=1;
        -> Returns the balance from all accounts!
  • 22. Demo – Protecting Against API Threats
     [Diagram: Threat Protection – the API Gateway sits in front of the Protected API, configured through API Manager.]
     API vulnerable to SQL injection
     1. Normal request:
        GET http://<host>/account/balance?accnt=123456789 HTTP/1.1
        -> SELECT balance FROM accountinfo WHERE account=123456789;
        -> Returns the balance from account 123456789
     2. Scanning:
        GET http://<host>/account/balance?accnt=1 OR 1=1 HTTP/1.1
        -> Detected and Blocked by Axway API Gateway!
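The demo of slides 21 and 22 carried through as an added example that is not part of the slides or of either product: the vulnerable balance lookup as the slide describes it, the parameterized fix, and a simplified gateway-style check that blocks the scanner's request before it reaches the API. The in-memory SQLite table, its account rows, the account-id format and the gateway rule are all constructed for this example and are not Axway's detection logic.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit


def build_demo_db():
    """Constructed in-memory stand-in for the demo's bank back end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accountinfo (account INTEGER PRIMARY KEY, balance INTEGER)")
    conn.executemany("INSERT INTO accountinfo VALUES (?, ?)",
                     [(123456789, 2500), (223456789, 10), (323456789, 98000)])
    conn.commit()
    return conn


def balance_vulnerable(conn, accnt):
    """The flaw the demo exploits: the accnt parameter is spliced into the SQL text,
    so '1 OR 1=1' turns a one-row lookup into 'WHERE account=1 OR 1=1'."""
    sql = "SELECT balance FROM accountinfo WHERE account=" + accnt + ";"
    return [row[0] for row in conn.execute(sql)]


ACCOUNT_RE = re.compile(r"^\d{1,12}$")  # assumed shape of an account id


def balance_hardened(conn, accnt):
    """Fix: validate the shape, then bind the value as a parameter so the database
    receives it as data, never as part of the statement."""
    if not ACCOUNT_RE.match(accnt):
        raise ValueError("accnt must be a numeric account id")
    rows = conn.execute("SELECT balance FROM accountinfo WHERE account = ?", (int(accnt),))
    return [row[0] for row in rows]


# Heuristic signature for the detection step; the allow-list check below is what
# actually guarantees only numeric ids reach the API.
SQLI_PATTERN = re.compile(r"\bOR\b|\bAND\b|\bUNION\b|--|;|'", re.IGNORECASE)


def gateway_decision(request_line):
    """Simplified gateway-style threat check (not Axway's own logic): returns
    'forward' or 'block:<reason>' for an HTTP request line such as
    'GET /account/balance?accnt=123456789 HTTP/1.1'."""
    _method, rest = request_line.split(" ", 1)
    target, _version = rest.rsplit(" ", 1)  # tolerates the unencoded spaces shown on the slide
    params = parse_qs(urlsplit(target).query)
    values = params.get("accnt", [])
    if len(values) != 1:
        return "block:accnt must appear exactly once"
    accnt = values[0]
    if SQLI_PATTERN.search(accnt):
        return "block:SQL injection pattern in accnt"
    if not ACCOUNT_RE.match(accnt):
        return "block:accnt is not a numeric account id"
    return "forward"
```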
  • 23. Key Takeaways
     API Protection:
     - Put protection in place for your APIs
     - Apply throttling, input validation, threat detection
     - Block the full spectrum of attacks
     API Testing:
     - OWASP.org is your friend
     - Focus on most likely vulnerabilities first
     - Build security testing into your dev plans
     Create APIs with Confidence
  • 24. Try For Free – FREE TRIAL / FREE TRIAL

Editor's notes

  1. Self-service API consumption: developers can browse APIs and register applications; build a partner and developer community around the APIs; new channel to promote brand. API catalog: browseable registry of APIs. API lifecycle management: register, publish, version, deprecate. API administration: client administration & policy management; monitor & manage API usage. API policy enforcement: API proxy for enforcing common policies.