Managing API Driven Applications

As the API economy accelerates, business services are increasingly being built using microservices and APIs. Join us on this webinar to learn how to manage your application APIs: understand the difference between internal, external and backend APIs, learn which API technology is right for your products and services, how to understand and manage the underlying performance implications and media transmissions, API security, and what you need to know about API compatibility and versions.
Recorded Oct 5 2021 41 mins
Presented by
Renata Budko

  • Data Breaches: How API's have become the top attack vector for data loss Recorded: Sep 20 2022 18 mins
    Sudeep Padiyar, Director of Product Management @ Traceable AI
    As the majority of sensitive data now flows through APIs in organizations, data leakage needs to be prevented by monitoring behavioral anomalies anchored around sensitive data sets. We will cover how building baselines of sensitive data usage by the standard user population vis-à-vis suspicious users, API call flow, inter-API time intervals, device fingerprinting, etc., can help prevent sensitive data exfiltration via APIs. This session will also include examples of how a range of API abuse patterns have been detected using this approach.
  • API Hacking Stories - Cautionary Tales Recorded: Sep 13 2022 22 mins
    Dr. Katie Paxton-Fear | Ethical Hacker, Researcher & Lecturer @ Manchester Metropolitan University
    Learn from real-world API attacks and vulnerabilities from API Security researcher, Dr. Katie Paxton-Fear.

    In this discussion, Katie shares a few cautionary tales about how different teams left their APIs exposed and unintentionally opened their organization to API attacks and abuse. Take this opportunity for you to learn firsthand about how other organizations found themselves vulnerable to attacks and then revisit your API security practices and posture.
  • Anatomy of an API Attack: Applying MITRE Framework to API Threat Recorded: Aug 31 2022 25 mins
    Upendra Mardikar - CSO @Snap Finance, Renata Budko - Head of Product @Traceable AI
    In this talk we will take a look at the practical issues of securing APIs through the lens of the MITRE framework. We will discuss:

    - An overview of MITRE framework
    - How well-known API attack vectors map to known adversary tactics and techniques
    - A real-world use case of an attack that started as an API breach and developed into a full-fledged MITRE-style att@k
    - Effective mitigations for API exploits

    Renata Budko, Head of Product, Traceable AI
    Upendra Mardikar, Chief Security Officer, Snap Finance

    *replay from August 4, 2022 Traceable Forum (hosted by SANS Institute): Solving the Next Generation of Application Security Solutions Forum - https://t7e.ai/jvpqrs
  • Shift Left API security - the Right way Recorded: Aug 30 2022 26 mins
    Sanjay Nagaraj – Co-founder and CTO at Traceable AI
    To expand on Marc Andreessen’s famous 2011 postulate about software eating the world... “APIs are now eating the world”.

    But how can we secure them?

    AppSec practices now heavily depend on API security. However, traditional application security tools such as legacy WAFs, RASP, as well as the long list of testing solutions like SCA, SAST and DAST don’t look at the unique behavior and functionality of APIs, so they are ineffective at detecting and blocking API attacks.

    To effectively protect APIs, we need to understand the context around each API, a capability that one-off scanners lack.

    Learn from Traceable AI CTO and co-founder, Sanjay Nagaraj, as he looks at the evolution of APIs and provides a new industry framework to help you identify the must-haves in an API security platform.
  • API Abuse: Data breaches Now & Future Recorded: Aug 30 2022 29 mins
    Sudeep Padiyar, Product Manager @Traceable AI and Tim Davis, Director of Risk for Move Money Products @Chime
    APIs are the inter-connectivity pipe through which data flows between apps and to/from users, including threat actors. As the amount of sensitive data that flows through APIs increases manifold, it is imperative that security teams get a better understanding of the volumes of traffic leaving their apps.

    From fake account creation to account takeovers to data exfiltration to API fraud, the abuse of APIs needs a new approach to ensure APIs don’t become the attack vector for data breaches.

    *recording from APISecure 2022
  • API Catalog: First step towards API Security Recorded: Aug 30 2022 24 mins
    Amod Gupta, Product Manager @Traceable AI
    API security begins with being able to automatically monitor, catalog and track changes to APIs and their distributed interactions in real time. In this session we talk about the need for an actionable API Catalog, functionality that such a catalog needs to provide and how security teams can go about creating one.
  • Harnessing the Speed of Innovation Recorded: Aug 30 2022 25 mins
    Jyoti Bansal – CEO/Co-Founder at Traceable AI, Harness and Co-Founder & Entrepreneur Partner at Unusual Ventures
    Modern business success is defined by the ability of leaders to inspire their teams to innovate and deliver value for their customers. In a rapidly changing and competitive market, speed and velocity are the key to success.

    However, modern applications also face incredibly complex technical and business challenges. Learn from serial entrepreneur and investor Jyoti Bansal about the key principles that leaders need to account for when building their teams and defining their culture.

    *session from APISecure 2022
  • API Hacking Toolbox Recorded: Aug 29 2022 27 mins
    Dr. Katie Paxton-Fear | Ethical Hacker, Researcher & Lecturer @ Manchester Metropolitan University
    API Security starts with understanding your API inventory and the business risk of your APIs. In this educational session with Dr. Katie Paxton-Fear, she shares her perspective on the API hacking tools in her kit as she researches and studies API security. She will share how she approaches an API security hacking/testing exercise in order to evaluate a potential target and then the tools she would use to assess APIs for specific vulnerabilities.
  • eBPF - The Future of API Security and Observability Recorded: Aug 26 2022 77 mins
    Sanjay Nagaraj (CTO & Co-founder), Santosh Sahu (Principal Engineer), Inon Shkedy (Head of Security Research)
    Just like the James Webb Telescope provides unparalleled visibility into the cosmos, we’re in the middle of a similar revolution in application observability and security, eBPF. This webinar will explain and explore how observability through extended Berkeley Packet Filter can be leveraged for greater API security and how it can unlock deep application and API insight.

    Traceable Co-Founder and CTO Sanjay Nagaraj and his team will cover:
    - What is eBPF
    - How eBPF works for observability
    - What eBPF observability means for API Security
    - How Traceable uses eBPF to catalog and protect APIs
  • API Security & the OWASP API Top10 - API Penetration Testing (Part 4 of 4) Recorded: Mar 21 2022 45 mins
    Inon Shkedy, Head of Research @ Traceable AI
    In this 4-part webinar series, Inon Shkedy (Head of Security Research at Traceable AI; co-author OWASP API Top 10) explores the OWASP API Top 10 project and provides detailed explanations about the API threats documented in the OWASP project.

    In this episode, Inon reviews and explains API Penetration Testing:
    - How to approach API pentesting
    - How to find OWASP API Vulnerabilities
    - How to leverage the predictable nature of REST APIs
    - What to do if you get stuck during a pentest

    API Security Webinar Series:
    Episode 1 - Why OWASP API & #1 BOLA
    Episode 2 - OWASP API Top 10 #'s 2 - 5
    Episode 3 - OWASP API Top 10 #'s 6 - 10
    Episode 4 - API Penetration Testing - This one!

    To learn more about Traceable AI | https://traceable.ai
    To request a live demo or meeting | https://www.traceable.ai/request-demo
  • API Security & the OWASP API Top10 (#6 - #10) - Part 3 of 4 Recorded: Mar 21 2022 37 mins
    Inon Shkedy, Head of Research @ Traceable AI
    In this 4-part webinar series, Inon Shkedy (Head of Security Research at Traceable AI; co-author OWASP API Top 10) explores the OWASP API Top 10 project and provides detailed explanations about the API threats documented in the OWASP project.

    In this episode, Inon provides details about 5 additional API vulnerabilities:
    - Mass Assignment
    - Security Misconfiguration
    - Injection
    - Improper Assets Management
    - Insufficient Logging & Monitoring

    Inon explains how these vulnerabilities have been exploited in the wild, why developers write code that is vulnerable to them, and how attackers can take advantage of the situation for their own profit.

    API Security Webinar Series:
    Episode 1 - Why OWASP API & #1 BOLA
    Episode 2 - OWASP API Top 10 #'s 2 - 5
    Episode 3 - OWASP API Top 10 #'s 6 - 10 - This one!
    Episode 4 - API Penetration Testing

    To learn more about Traceable AI | https://traceable.ai
    To request a live demo or meeting | https://www.traceable.ai/request-demo
  • API Security & the OWASP API Top10 (BUA - BFLA) - 2 of 4 Recorded: Mar 21 2022 35 mins
    Inon Shkedy, Head of Research @ Traceable AI
    In this 4-part webinar series, Inon Shkedy (Head of Security Research at Traceable AI; co-author OWASP API Top 10) explores the OWASP API Top 10 project and provides detailed explanations about the API threats documented in the OWASP project.

    In this episode, Inon provides details about 4 API vulnerabilities:
    - Broken User Authentication
    - Excessive Data Exposure
    - Lack of Resources & Rate Limiting
    - Broken Function Level Authorization

    Inon explains how these vulnerabilities have been exploited in the wild, why developers write code that is vulnerable to them, and how attackers can take advantage of the situation for their own profit.

    API Security Webinar Series:
    Episode 1 - Why OWASP API & #1 BOLA
    Episode 2 - OWASP API Top 10 #'s 2 - 5 - This one!
    Episode 3 - OWASP API Top 10 #'s 6 - 10
    Episode 4 - API Penetration Testing

    To learn more about Traceable AI | https://traceable.ai
    To request a live demo or meeting | https://www.traceable.ai/request-demo
  • API Security & the OWASP API Top10 (BOLA/IDOR) - Part 1 of 4 Recorded: Mar 21 2022 39 mins
    Inon Shkedy, Head of Research @ Traceable AI
    In this 4-part webinar series, Inon Shkedy (Head of Security Research at Traceable AI; co-author OWASP API Top 10) explores the OWASP API Top 10 project and provides detailed explanations about the API threats documented in the OWASP project.

    In the first episode in the series, Inon shares the motivation behind the project and answers the following questions:

    - Why is there a need for a new OWASP project for APIs?
    - How has application security changed in the last few years?
    - Why have APIs become such an attractive target for attackers?

    He also covers the most critical API vulnerability - Broken Object Level Authorization (BOLA) and explains how attackers have managed to exploit it in many large companies like Uber, Facebook, and Verizon.

    API Security Webinar Series:
    Episode 1 - Why OWASP API & #1-BOLA - This one!
    Episode 2 - OWASP API Top 10 #2 - #5
    Episode 3 - OWASP API Top 10 #6 - #10
    Episode 4 - API Penetration Testing

    To learn more about Traceable AI | https://traceable.ai
    To request a live demo or meeting | https://www.traceable.ai/request-demo
  • A New Perspective from Log4shell: Exploit Prevention from Containers to APIs Recorded: Mar 9 2022 60 mins
    Sudeep Padiyar (Traceable AI) & Steve Coplan (Aqua Security)
    Digital transformation is driving applications and data to the cloud, where cloud-native applications enable innovation, growth, and opportunity. Protecting cloud-native applications is fundamentally different from protecting traditional IT systems. There is no fixed perimeter in the cloud, as microservices and applications connect through APIs. In the cloud, containers are created and destroyed depending on business demand; your infrastructure isn’t permanent, but ephemeral. A security professional looking at how to protect cloud-native applications must feel like Dorothy in the Wizard of Oz – “Toto, I’ve got a feeling we’re not in Kansas anymore.”

    This interactive discussion between Dana Gardner (Market Analyst @ Traceable AI), Steve Coplan (Strategic Product Marketing @ Aqua Security), and Sudeep Padiyar (Product Manager @ Traceable AI) explores the new challenges that security is facing, and helps viewers find their path to the yellow brick road that leads to a more robust cloud-native security posture.

    This webinar will help you understand:
    - How cloud-native is fundamentally different
    - Overview of security options
    - Ways to get started on your security posture
  • SBOM, Log4j, and the Future of Transparency in the Software Supply Chain Recorded: Feb 2 2022 59 mins
    Dr. Allan Friedman, Sr. Advisor & Strategist @ CISA, and Anoop Kartha, Sr. Solutions Engineer @ Traceable AI
    A software bill of materials (SBOM), like any other security feature, won't solve all our problems.

    But greater transparency in the software supply chain will:
    1.) Support more secure software development
    2.) Enable more informed decisions around software selection and purchase
    3.) Allow organizations to respond much more quickly and efficiently to new vulnerabilities

    This webinar will review the basics of SBOM, and use the recent log4j vulnerability to understand how SBOM can help—and also understand its limits. We'll close by offering some perspectives on how SBOM and related transparency efforts will grow and evolve in 2022 and beyond.
  • Log4shell Exploit Protection & QuickStart Guide with Traceable AI Recorded: Jan 18 2022 21 mins
    Sudeep Padiyar, Product Manager, and John Jeremiah, DevSecOps Evangelist & Marketing Director
    Join John Jeremiah, DevSecOps Evangelist, and Sudeep Padiyar, Product Manager, for a brief discussion on the Log4j / Log4shell Vulnerability and how Traceable can detect and protect you, and your organization, from the Log4shell vulnerability - introducing Traceable AI's QuickStart Protection Guide.
  • Detecting and Protecting the Log4shell Vulnerability Recorded: Dec 16 2021 61 mins
    Sudeep Padiyar, Inon Shkedy and Dan Gordon
    Learn how to detect and prevent the Log4shell/Log4j vulnerability.

    In early Dec 2021, a new and severe vulnerability (CVE-2021-44228) was identified in the widely used Apache Log4shell / Log4j Java logging package, which gives an attacker the ability to perform unauthenticated remote code execution on a targeted server.

    This vulnerability is actively being exploited. Well-known web services and applications such as Apple iCloud, Twitter, Amazon, Baidu, and Minecraft are reported to have all been targeted.

    This webinar will help you understand:
    - How the Log4shell / Log4j vulnerability creates significant risk
    - Overview of mitigation strategies
    - How Traceable AI can detect and block the exploit
    - Extended Q&A
  • Hunting Down the Top API Security Threats to Your Applications Recorded: Dec 3 2021 34 mins
    Inon Shkedy, Head of Research @ Traceable AI
    Do you really know how secure your cloud applications are? You have a web application firewall in place, an API gateway in place, and are using a cloud identity and access management service. So you’re good, right?

    In this session we’ll learn about the top API vulnerabilities and see live how to find them and protect yourself against them.

    We will explore the OWASP API Top 10 and the new security challenges and strategies to understand the application, how it is changing, and how to detect anomalies to block threats, making businesses more secure and resilient.

    Join Inon Shkedy, Co-Leader of OWASP API Top 10 project and Traceable AI Security Researcher, and Anoop Kartha, API Security Evangelist to learn:
    - Why API vulnerabilities are different from traditional web application vulnerabilities
    - Why your traditional application security solutions aren’t enough
    - What are the top vulnerabilities you should be concerned about
    - How to detect and block bad actors from using these vulnerabilities against you
  • How To Detect & Thwart API Vulnerabilities Recorded: Dec 2 2021 51 mins
    Dana Gardner, Principal Analyst @ Interarbor Solutions & Sanjay Nagaraj, Co-Founder & CTO @ Traceable AI
    Please join Dana Gardner, Principal Analyst at Interarbor Solutions, and Sanjay Nagaraj, Co-Founder & CTO at Traceable AI, as they discuss the evolution of application security and where it’s heading, the purpose for starting Traceable AI, and how Traceable AI’s new platform is aiming to make APIs reach their enormous potential safely and securely. Traceable AI’s new platform is designed specifically to define, manage, secure and optimize the API underpinnings for so much of what drives today’s digital business.
  • Flying Blind? The Case for API Security & Observability - SANS Cyber Fest 2021 Recorded: Dec 1 2021 32 mins
    John Jeremiah, Director at Traceable AI
    The business demanded rapid innovation. Software development and IT figured out how to provide it. But now we have a whole host of new problems. In the resulting world of cloud-native apps, micro-services, and API-driven applications, what we came to rely on for keeping it all running and secure is no longer enough.

    In this new fog, we are basically “flying blind”. Modern applications are extremely hard to secure and protect as they are complex and continuously changing. Our visibility of what we have, how it is behaving, and how it is being used (and abused) has diminished tremendously. So how do we begin to see through the fog once again?

    In this session you’ll learn:
    - Why are we flying blind
    - 4 key areas to focus on to stop flying blind
    - A way to get started quickly (for free!)
Traceable - Intelligent API Security at Enterprise Scale
Traceable identifies all of your APIs, evaluates your API risk posture, stops API attacks that lead to incidents such as data exfiltration, and provides analytics for threat hunting and forensic research. With our solution, you can confidently discover, manage and secure all of your APIs, quickly deploy, and easily scale to meet the ongoing needs of your organization.

  • Title: Managing API Driven Applications
  • Live at: Oct 5 2021 3:00 pm
  • Presented by: Renata Budko