API Security using Mulesoft

•Descargar como PPTX, PDF•

0 recomendaciones•420 vistas

It's my API security presentation at Beer, Biryani and Bytes help at Apisero office where I discussed how API can be threats and if not protected how vulnerable are our APIs will be especially to hackers. And has Mulesoft in its box to save your APIs from 'n' number of threats. To know more about API security using Mulesoft. Contact me on LinkedIn.

Tecnología

About the Presenter
Pritam Prakash,
Senior Consultant, Apisero
5 years of Experience in API SLDC
October 2019

In this meet-up we are gonna discuss about:
1. API Breaches: Who Will Be Next?
2. Understanding API Vulnerabilities
3. Security Auditing
4. What Mulesoft serve for API Security.
5. Securing Your APIs with Mulesoft
6. What we can do about it as developers, testers,
architects and security officers.

API attackers are knowing API’s more than you.

API VULNERABILITIES
1. Man in the Middle
2. CSRF Attack(Cross Site Request Forgery attacks)
3. SQL Injection
4. Distributed Denial of Services(Rate Limiting)
5. HTTPS and SSL Certificates
6. Firewall Optimizations
7. Logs
And much more……………………...

How can your RAML or OSA/Swagger can be targeted?

SQL Injections
How you thought it to be-:
How attackers find a way-:
What you not thought to be it was:

Whats a Secure API?
A secure API is one that can guarantee the confidentiality of the
information it processes by making it visible only to the Users,
Apps, and Servers that are authorized to consume it.

What Mulesoft serve for API Security.
1. API Gateways -Proxy and Policy Implementation
(Policy for every need)
1. Identity Access Management(federated identity standard)
2. Mule Security Manager
3. SSH
4. PGP Security
5. Secrets Manager

Policy Category Fulfills
Basic Authentication - LDAP and Simple Security Authentication
Client ID Enforcement Compliance Client ID Required
CORS Compliance CORS-enabled
Header Injection and Removal Transformation Header Injection/Header Removal
HTTP Caching Quality of Service HTTP Caching
IP Blacklist/IP Whitelist Security IP Filtered
JSON Threat Protection Security JSON Threat Protected
OAuth 2.0 Access Token Enforcement Using External Provider Policy Security OAuth 2.0 protected
OpenAM Access Token Enforcement Security OAuth 2.0 Protected
PingFederate Access Token Enforcement Security OAuth 2.0 Protected
Rate Limiting Quality of Service Rate Limited
Rate Limiting, SLA-Based Quality of Service Rate Limited, Client ID required
Spike Control Quality of Service Throttled, Rate Limited
XML Threat Protection Security XML Threat Protected
Tokenization/Detokenization Security Security
JWT Security Security

Analysis at Conclusion
● Discover Your APIs Before Attackers Discover Them
● Use a Combination of API Management and Web Application
Firewalls to Protect APIs, in Conjunction With Identity Infrastructure
● Adopt a Continuous Approach to API Security
● Use a Distributed Enforcement Model to Protect APIs Across Your
Entire Architecture, Not Just at the Perimeter

Más contenido relacionado

La actualidad más candente

By 2020, Gartner predicts 60% of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases. As security failures quickly become headline news, CIOs and CISOs are under tremendous pressure to keep the business secure -- without slowing the business down. That's why incorporating security by design into applications and services is so crucial for the enterprise. In this session, we will discuss how applications networks are helping organizations federate security best practices, leverage machine learning to more proactively respond to threats and deliver defense in depth.

Secure by design: Scaling security across the enterprise

MuleSoft

API Security Lifecycle

Apigee | Google Cloud

More and more enterprises today are doing business by opening up their data and applications through APIs. Though forward-thinking and strategic, exposing APIs also increases the surface area for potential attack by hackers. To benefit from APIs while staying secure, enterprises and security architects need to continue to develop a deep understanding about API security and how it differs from traditional web application security or mobile application security.

API Security: Securing Digital Channels and Mobile Apps Against Hacks

Akana

apidays LIVE Paris - Principles for API security by Alan Glickenhouse

apidays

API Security and Management Best Practices

CA API Management

Object Store V2 Workshop

MuleSoft

apidays LIVE Paris - Creating a scalable ecosystem of Microservices by Archan...

apidays

APIs have become a strategic necessity for your business. They facilitate agility and innovation. However, the financial incentive associated with this agility is often tempered with the fear of undue exposure of the valuable information that these APIs expose. With data breaches now costing $400m or more, senior IT decision makers are right to be concerned about API security. In this SlideShare, you'll learn: -The top API security concerns -How the IT industry is dealing with those concerns -How Anypoint Platform ensures the three qualifications needed to keep APIs secure

Best Practices for API Security

MuleSoft

Designing and building Mule applications

MuleSoft

Identity and Client Management using OpenID Connect and SAML

pqrs1234

What are the biggest cyber threats facing financial and healthcare entities today and in the near future? How can organizations embrace innovation and agile development culture while balancing the time to market goals with risk management? Jason Kobus, director, API Banking, Silicon Valley Bank, and Apigee's head of security, Subra Kumaraswamy, present how an effective API program combined with a secure API management platform can - provide visibility for all security threats targeting their backend services - control access to sensitive data - end-to-end - enable developers to build secure apps with secure APIs - facilitate secure access with partners and developers

Deep-Dive: API Security in the Digital Age

Apigee | Google Cloud

The main goal of Mulesoft's API Modelling Framework (AMF) is to provide a way for developers to interact with API specifications written in either RAML or OpenAPI. This talk will give an overview of the API Modelling Framework, a set of tools to model, query and expose all aspects of an API specification. During this talk, we will go through several use cases, some simple and some more complex ones, to showcase how this can be useful at all stages of the API design process. We will show how the API Modelling Framework stores model and data for the model in a single unified data graph, and how it persists and allows querying using a declarative language. We will also show how, thanks to the formal qualities of the tools, automatic reasoning can be used to add inferred data to the model in order to solve particular data integration scenarios. - Github repo: https://github.com/raml-org/api-modeling-framework - Playground: https://mulesoft-labs.github.io/amf-playground/

Gluecon 2017: API Modelling Framework - A Toolbox for Interacting With API S...

MuleSoft

Building better security for your API platform using Azure API Management

Eldert Grootenboer

CloudHub and other Cloud Deployment Options

MuleSoft

apidays LIVE New York 2021 - Top 10 API security threats every API team shoul...

apidays

Toronto Virtual Meetup #5 - API Security and Threats

Alexandra N. Martinez

Rtf externalize tls MuleSoft meetup

Sandeep Deshmukh

I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...

Apigee | Google Cloud

Bangalore mulesoft meetup#10

D.Rajesh Kumar

Protecting APIs from Mobile Threats- Beyond Oauth

Apigee | Google Cloud

La actualidad más candente (20)

Secure by design: Scaling security across the enterprise

API Security Lifecycle

API Security: Securing Digital Channels and Mobile Apps Against Hacks

apidays LIVE Paris - Principles for API security by Alan Glickenhouse

API Security and Management Best Practices

Object Store V2 Workshop

apidays LIVE Paris - Creating a scalable ecosystem of Microservices by Archan...

Best Practices for API Security

Designing and building Mule applications

Identity and Client Management using OpenID Connect and SAML

Deep-Dive: API Security in the Digital Age

Gluecon 2017: API Modelling Framework - A Toolbox for Interacting With API S...

Building better security for your API platform using Azure API Management

CloudHub and other Cloud Deployment Options

apidays LIVE New York 2021 - Top 10 API security threats every API team shoul...

Toronto Virtual Meetup #5 - API Security and Threats

Rtf externalize tls MuleSoft meetup

I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...

Bangalore mulesoft meetup#10

Protecting APIs from Mobile Threats- Beyond Oauth

Similar a API Security using Mulesoft

Standard API security approaches and best practices that harden your API security can ensure safe and secure operations. However, these approaches may not be enough to protect your backend from sophisticated data extrusion through API key attacks, low and slow data scrapping that blend with your legitimate traffic. Enter data driven security. This session at I Love APIs 2014 covered how your API data can help you gain insights to traffic anomalies and security/privacy abuse. And how you can mitigate risks using data driven API security controls.

Data-driven API Security

Apigee | Google Cloud

What do Google, Facebook, Paypal, IRS, and USPS have in common? The answer is hackers exploited their APIs to access sensitive customer information. Although these API attacks were detected and exposed, most API-based attacks go undetected in today's technologically sophisticated world – particularly attacks that come from authenticated sources. With the number of APIs increasing constantly right along with the number of API attacks, API security has never been so important to an organization's success. YOU MUST REGISTER HERE TO GET THE CONFERENCE LINK: https://bigcompass.typeform.com/to/emg9DO Ping Identity and Azure have partnered together with a market-leading solution to tackle the complexities and nuances of protecting API infrastructures and the digital assets that they connect. This session will discuss today’s API threat landscape and explore what you can do to both detect and block advanced attacks on APIs. The presentation will first dive into the API development lifecycle using a live API built with Azure. We will look at some common monitoring capabilities on the Azure API and what a security violation would look like. Then, we will have some fun by simulating attacks on our own API. In this phase of the presentation, we will simulate some basic attacks and show how security policies or a web application firewall can block these common attacks. From there, we will dive even deeper by simulating more advanced attacks from authenticated users (data theft and API takeover), hackers who have reverse engineered an API, and layer 7 DoS attacks that fly under the SLA radar. This is where we will showcase PingIntelligence’s advanced capabilities by showing how a Azure API (or any other API) can connect with PingIntelligence to detect and prevent sophisticated attacks. This will allow the audience to see how the PingIntelligence software uses AI to discover and model normal behavior on an API to block and report on advanced attacks.

Layered API Security: What Hackers Don't Want You To Know

AaronLieberman5

Threat protection and application access controls are key security mechanisms that protect APIs when exposed to internal or external users and developers. In this technical deep-dive webcast, Apigee's security team, led by Subra Kumaraswamy, will discuss API threats and the protection mechanisms that every API and app developer must implement for safe and secure API management. This webcast will cover: - the API threat model - how to design and implement appropriate guardrails for API security using build-in policies and configuration - a demo of Apigee Edge threat protection features, including TLS encryption, XML/JSON/SQL injection attacks, and rate limiting Whether you're an IT security architect or an API or app developer, this webcast will help you understand secure API management. Download Podcast: http://bit.ly/1biiJQS Watch Video: http://youtu.be/ffs35w1RYRI

Deep-Dive: Secure API Management

Apigee | Google Cloud

OpenId Connect Protocol

Michael Furman

Web API Security

Stefaan

How Secure is Your API?

Mary Joy Sabal

Gateway/APIC security

Shiu-Fun Poon

By now you’ve bought into the idea of using APIs to integrate cloud, mobile devices and the enterprise. But are building safe APIs? One insecure API can increase your organization’s risk profile exponentially. Securing APIs is not like securing the web—a point lost on many developers coming from a web-centric background. Learn what good practices to put in place and the common security anti-patterns you must avoid to ensure your company’s APIs are reliable, safe and secure. You will learn: • The top ways hackers exploit APIs in the wild • Common identity pitfalls and how to avoid them • Why OAuth scopes are essential to master • How to keep web developers from bringing bad habits with them

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

CA API Management

We will look at how API security works with MuleSoft including the API development lifecycle and implementing security policies on a live API from Anypoint Platform API Manager. We will also display the monitoring capabilities from API Manager and what a policy violation looks like. Then, we will have some fun by simulating hacks on our own API. We will simulate some common attacks and how API Manager and/or a WAF can block these common attacks. From there, we will dive even deeper by simulating very advanced attacks like OAuth token hijacking, data theft, and DoS attacks that fly under the SLA radar. This is where we will implement an AI engine like PingIntelligence’s Anypoint integration custom API policy to show how a MuleSoft API can use an AI software like PingIntelligence to discover and model normal behavior for your APIs to block and report on advanced attacks.

What Hackers Don’t Want You To Know: How to Maximize Your API Security

AaronLieberman5

APIs accelerate agility, empower developers, and enable innovative business strategies. But how do you ensure the security of your API architecture as you expose your corporate data to mobile apps, developers, and partners? Does your API security framework enable DevOps agility and a scalable security model for IT? Join Apigee’s Tim Mather and Subra Kumaraswamy as they discuss API security considerations for DevOps, CSOs, and security professionals. Learn about API security, threat protection, identity capabilities, infrastructure security, and compliance.

API Security from the DevOps and CSO Perspectives (Webcast)

Apigee | Google Cloud

APIC/DataPower security

Shiu-Fun Poon

API Security has become an important concern in recent times as organizations are more cautious about exposing raw, sensitive data via APIs. Therefore, it is important that APIs adhere to the OpenAPI Specification (OAS) to ensure API security. WSO2 has partnered with 42Crunch, to bring in the ability to conduct a security audit on the OpenAPI Specification definition, and to obtain an audit report. The WSO2 API Manager 3.1 brings a lot of interesting features, including the ability to run 42Crunch’s audit tool directly from the API Publishing portal. In this webinar, we will: - Explain the advantages of introducing security at design time - Introduce the 42Crunch audit functionality - Explain how 42Crunch and WSO2 API Manager can be used together for better API Security

42Crunch Security Audit for WSO2 API Manager 3.1

WSO2

With the number of APIs increasing constantly right along with the number of cyber attacks, API security has never been so important to success in an enterprise. This MuleSoft Meetup was a co-presentation from Big Compass and PingIntelligence by Ping Identity. We looked at how API security works with MuleSoft including the API development lifecycle and implementing security policies on a live API from Anypoint Platform API Manager. We also displayed the monitoring capabilities from API Manager and what a policy violation might look like. Then, we had some fun by simulating hacks on our own API. We simulated some common attacks and how API Manager and/or a WAF can block these common attacks. From there, we dove even deeper by simulating very advanced attacks like OAuth token hijacking, data theft, and DoS attacks that fly under the SLA radar. This is where we implemented PingIntelligence’s Anypoint integration custom API policy, showed how a MuleSoft API can connect with PingIntelligence, and how PingIntelligence uses AI to discover and model normal behavior and learn about your APIs to prevent and report on advanced attacks and instruct Anypoint Platform to stop these requesters.

What Hackers Don’t Want You To Know: How to Maximize Your API Security

AaronLieberman5

apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture

apidays

Title: How To Fix The Most Critical API Security Risks Description: Businesses are constantly looking for ways to improve their operations. One way to do this is by using APIs. APIs allow businesses to automate workflows, systems and applications. This can be helpful in many ways, but it can also be a source of security risks. If your business uses APIs, it is important to take precautions to protect them from cyberattacks. Learning Objectives: Importance of APIs in the digital ecosystem. Understand the top API Security risks. Practical tips to effectively secure APIs and workloads.

How To Fix The Most Critical API Security Risks.pdf

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

Learn about security architecture, security patterns for app and API access control, and best practices for threat management, data security, identity and compliance including: - how to approach API security for your API program? - the API security pillars - threat protection, data security and identity - best practices for integrating identity services into API management - how to meet compliance requirements for API products

How to Achieve Agile API Security

Apigee | Google Cloud

5 Best Practices To Make Your API More Protected Against Attackers.pdf

Probely

2022 APIsecure_The Real World, API Security Edition

APIsecure_ Official

As APIs continue to drive digital transformation efforts in the enterprise and support innovative customer experiences, securing them has never been more important. Principal Regional Solution Architect, Philippe Dubuc introduces how to leverage OpenID Connect, OAuth2 and new emerging standards to protect APIs at API Days Paris on 11 December, 2018. In addition, Philippe goes over how the Intelligent Ping Identity Platform can be used to protect APIs in a pro-active way and how AI can help to protect against attacks. Learn more: http://ow.ly/2Ojm30n1rCT

Standard Based API Security, Access Control and AI Based Attack - API Days Pa...

Ping Identity

With more APIs in circulation than ever before, there has been a direct correlation to the number of API abuses reported across industries. This is because APIs are such a valuable asset to bad actors, but many organizations have not yet woken up to the realities of the need to protect their APIs from abuse. If you couple that with the fact that attacks on APIs have become more sophisticated, with some attackers even using AI themselves, then you can see why even some of the more security-conscious organizations can have trouble properly securing their APIs. A robust API Security posture can be broken down into several areas including: Proper design and coding during the development process API governance and compliance through visibility of all your APIs (shadow too!) and a mapping of how they connect to each other. General application and API protection from tools such as API gateways, WAFs, NG-WAF, and RASPS An always-updating understanding of your user behaviors regarding your APIs. You won’t have comprehensive API security without solutions in each of these areas. We will also discuss: The roles of API developers, infosec, support, and enterprise architects as it relates to API security Microservices role in making it difficult to secure your APIs The importance of inventorying your APIs How technologies like Traceable can help protect your APIs against advanced attacks Key takeaways: Why your API's are a key attack surface for modern bad actors Why APi's are so much harder to secure than traditional web traffic What's necessary to secure your APIs Why yesterday's solutions can't solve today's new API security challenges

API Security - Everything You Need to Know To Protect Your APIs

AaronLieberman5

Similar a API Security using Mulesoft (20)

Data-driven API Security

Layered API Security: What Hackers Don't Want You To Know

Deep-Dive: Secure API Management

OpenId Connect Protocol

Web API Security

How Secure is Your API?

Gateway/APIC security

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

What Hackers Don’t Want You To Know: How to Maximize Your API Security

API Security from the DevOps and CSO Perspectives (Webcast)

APIC/DataPower security

42Crunch Security Audit for WSO2 API Manager 3.1

What Hackers Don’t Want You To Know: How to Maximize Your API Security

apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture

How To Fix The Most Critical API Security Risks.pdf

How to Achieve Agile API Security

5 Best Practices To Make Your API More Protected Against Attackers.pdf

2022 APIsecure_The Real World, API Security Edition

Standard Based API Security, Access Control and AI Based Attack - API Days Pa...

API Security - Everything You Need to Know To Protect Your APIs

Último

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Developing An App To Navigate The Roads of Brazil

V3cube

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

API Security using Mulesoft

1. Greetings for the Day!

2. About the Presenter Pritam Prakash, Senior Consultant, Apisero 5 years of Experience in API SLDC October 2019

3. API Security GAME OF API’s - PART 1

4. In this meet-up we are gonna discuss about: 1. API Breaches: Who Will Be Next? 2. Understanding API Vulnerabilities 3. Security Auditing 4. What Mulesoft serve for API Security. 5. Securing Your APIs with Mulesoft 6. What we can do about it as developers, testers, architects and security officers.

5. API attackers are knowing API’s more than you.

8. Gartner report:

9. API VULNERABILITIES 1. Man in the Middle 2. CSRF Attack(Cross Site Request Forgery attacks) 3. SQL Injection 4. Distributed Denial of Services(Rate Limiting) 5. HTTPS and SSL Certificates 6. Firewall Optimizations 7. Logs And much more……………………...

10. How can your RAML or OSA/Swagger can be targeted?

11.

12. SQL Injections How you thought it to be-: How attackers find a way-: What you not thought to be it was:

13. Whats a Secure API? A secure API is one that can guarantee the confidentiality of the information it processes by making it visible only to the Users, Apps, and Servers that are authorized to consume it.

14. Security Auditing

15. Security Auditing

16.

17. What Mulesoft serve for API Security. 1. API Gateways -Proxy and Policy Implementation (Policy for every need) 1. Identity Access Management(federated identity standard) 2. Mule Security Manager 3. SSH 4. PGP Security 5. Secrets Manager

18.

19. Policy Category Fulfills Basic Authentication - LDAP and Simple Security Authentication Client ID Enforcement Compliance Client ID Required CORS Compliance CORS-enabled Header Injection and Removal Transformation Header Injection/Header Removal HTTP Caching Quality of Service HTTP Caching IP Blacklist/IP Whitelist Security IP Filtered JSON Threat Protection Security JSON Threat Protected OAuth 2.0 Access Token Enforcement Using External Provider Policy Security OAuth 2.0 protected OpenAM Access Token Enforcement Security OAuth 2.0 Protected PingFederate Access Token Enforcement Security OAuth 2.0 Protected Rate Limiting Quality of Service Rate Limited Rate Limiting, SLA-Based Quality of Service Rate Limited, Client ID required Spike Control Quality of Service Throttled, Rate Limited XML Threat Protection Security XML Threat Protected Tokenization/Detokenization Security Security JWT Security Security

20.

21. Analysis at Conclusion ● Discover Your APIs Before Attackers Discover Them ● Use a Combination of API Management and Web Application Firewalls to Protect APIs, in Conjunction With Identity Infrastructure ● Adopt a Continuous Approach to API Security ● Use a Distributed Enforcement Model to Protect APIs Across Your Entire Architecture, Not Just at the Perimeter

22. Questions?

23. Game Of Api’s Part-2 ???

API Security using Mulesoft

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a API Security using Mulesoft

Similar a API Security using Mulesoft (20)

Último

Último (20)

API Security using Mulesoft