Wednesday February 19, 2025 2:30pm - 2:55pm PST
Dan Barahona, APISec, Co-Founder

This talk will dive into the fundamentals and best practices for API Security. By understanding the 3 Pillars of API Security, encompassing governance, testing and monitoring, attendees will gain a comprehensive understanding of the essential elements required to safeguard APIs. The session will conclude with practical insights, offering best practices and valuable do's and don'ts for implementing and maintaining secure APIs.

Why are APIs under attack?
-83% of internet traffic is API traffic
-APIs are under-secured

How do APIs get attacked?
Attackers look for APIs that are over-permissioned, return too much information, allow access to unauthorized functions, or expose logic flaws. Attackers can bypass a web or mobile app and hit the API directly.

OWASP Top 10!!
#1-#4 are the biggest issues

More compliance regulations now include API testing.
-PCI
-HIPAA
-GDPR
-FedRAMP
Speakers

Dan Barahona

Co-Founder, APIsec University
Dan is a 20+ year cybersecurity veteran, having held exec positions at companies including Qualys, ArcSight, Anomali and APIsec. He founded APIsec University in 2022 to offer free, non-vendor training on API security. The site has grown to over 50,000 students in its first 6 months...
Virtual Dev Security World
  Dev Security World
