
Five Principles to API Security

675 views

Published on

In a fast-moving world where APIs are the cement of all new applications, proper security is a hard goal to reach. The presentation highlights 5 key principles to proper API security. Our platform does the rest!

Published in: Software

  1. ARE YOU SURE YOUR APIS ARE SECURE? Isabelle Mauny, CTO. The API Security Platform for the Enterprise
  2. API SECURITY NEEDS TO EVOLVE
  3. FROM ESTABLISHED PERIMETER…
  4. TO BLURRY PERIMETER…
  5. VIRTUAL APPLICATION NETWORKS (diagram: Internal, Partner, Public). App icon made by https://www.flaticon.com/authors/pixel-buddha
  6. FAST APP DELIVERY: application development vs. application security
  7. Principle 1: SECURITY IS NEEDED. ALWAYS.
  8. WHAT ARE APIS FOR? EXPOSING ENTERPRISE DATA AND PROCESSES.
  9. Chart: "Have you experienced the theft or corruption of internal corporate or user/consumer information by Internal or External threat actors?" Internal vs. External, now vs. expected in the next 18 months (values shown: 80, 55, 57, 69). Source: "The State of Cybersecurity and Digital Trust 2016", Accenture and HIS Research. Sample: 208 enterprise security professionals.
  10. Chart: breakdown by type of insider (Second Streamer, Career Launcher, Saboteur; values shown: 29%, 9%, 62%). Source: Gartner (May 2016)
  11. (image slide)
  12. “I think that a lot of people think that because there is no GUI on an API that no one can find it and it is invisible. But we can find them in about five seconds with a proxy… Almost every threat that applies to a web app can happen to an API, but a lot of people for some reason are not protecting them as much as their web applications.” Tanya Janca, Application Security Evangelist, AppSec Podcast
  13. Principle 2: YOU NEED A HOLISTIC APPROACH TO API SECURITY
  14. Authentication; Integrity (transport & message); Audit; Confidentiality (transport & message); Availability (rate limiting); Authorization; Non-Repudiation; Data Validity (attack protection)
  15. YES. You need to consider all of this… AND you need to configure all aspects in the right way
  16. EASY TO GET THOSE WRONG!
  17. Principle 3: NOT ALL APIS ARE EQUAL
  18. “Security is a risk control measure… In the security sphere, one size does not fit all. We have to take ‘appropriate measures’.” Nat Sakimura, "Fixing OAuth", July 20, 2016, https://nat.sakimura.org/2016/07/20/fixing-oauth/
  19. Financial APIs Security: auth grant types, OpenID Connect flows, TLS settings, message confidentiality, non-repudiation, message integrity. Financial APIs Working Group: http://openid.net/wg/fapi/
  20. Principle 4: DEVOPS, BUT WITH SECURITY ON
  21. LET’S SHIFT LEFT! Design, Development, Testing, Deployment
  22. SEC-DEV-OPS IN ACTION (Develop, Document, Assess, Secure, Test, Deploy):
     - Document and annotate API with OpenAPI/Swagger
     - Assess API description and evaluate risk level
     - Configure and apply security policy from assessed risk
     - Continuous API testing, including security testing
     - Deploy to API Security Platform
  23. Principle 5: COLLABORATION IS CRUCIAL
  24. PROPER SECURITY RELIES ON STRONG COLLABORATION ACROSS OPERATIONS, DEVELOPMENT, SECURITY AND BUSINESS TEAMS
  25. CONTACT: INFO@42CRUNCH.COM, WWW.42CRUNCH.COM. The API Security Platform for the Enterprise
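As an added example (not the slides' own code and not 42Crunch's platform), here is the "Assess API description and evaluate risk level" step from slide 22, run over a constructed OpenAPI 3 document and checking a few items from the slide-14 list: transport confidentiality, authentication, authorization scheme references and data validity. The sample spec, hostnames and finding wording are assumptions made for the example.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}
SAMPLE_SPEC = {  # constructed sample OpenAPI 3 document, not from the slides
    "openapi": "3.0.0",
    "servers": [{"url": "http://api.example.test/v1"}],  # plain HTTP
    "components": {"securitySchemes": {"oauth": {"type": "oauth2", "flows": {}}}},
    "paths": {
        "/accounts/{id}": {
            "get": {"security": [{"oauth": ["accounts:read"]}],  # authenticated, id constrained
                    "parameters": [{"name": "id", "in": "path",
                                    "schema": {"type": "string", "pattern": "^[0-9]{8}$"}}]},
            "post": {"parameters": [{"name": "id", "in": "path",  # no security, no constraint
                                     "schema": {"type": "string"}}]},
        },
        "/health": {"get": {"security": []}},  # explicitly public endpoint
    },
}

def assess(spec: dict) -> list:
    """Findings keyed to the slide-14 checklist: transport, authn, authz, data validity."""
    findings = []
    for server in spec.get("servers", []):  # Confidentiality (transport): TLS everywhere
        if not server.get("url", "").lower().startswith("https://"):
            findings.append(f"transport: server {server.get('url')} does not use TLS")
    schemes = spec.get("components", {}).get("securitySchemes", {})
    global_sec = spec.get("security")  # top-level requirement, if declared
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS: continue  # skip path-level keys
            where = f"{method.upper()} {path}"
            sec = op.get("security", global_sec)  # operation overrides global
            if sec is None:  # Authentication: nothing declared anywhere
                findings.append(f"authn: {where} declares no security requirement")
            elif sec == []:  # OpenAPI meaning of []: deliberately unauthenticated
                findings.append(f"authn: {where} is explicitly public; confirm this is intended")
            else:  # Authorization: every named scheme must exist in components
                for name in (n for req in sec for n in req):
                    if name not in schemes:
                        findings.append(f"authz: {where} references unknown scheme '{name}'")
            for param in op.get("parameters", []):  # Data validity: constrain inputs
                schema = param.get("schema", {})
                if schema.get("type") == "string" and not (
                        schema.keys() & {"pattern", "enum", "maxLength", "format"}):
                    findings.append(f"data validity: {where} parameter '{param['name']}' is unconstrained")
    return findings

def risk_level(findings: list) -> str:
    """Crude rating used to pick a policy: any TLS or missing-authn gap rates high."""
    if any(f.startswith(("transport:", "authn:")) and "explicitly public" not in f for f in findings):
        return "high"
    return "medium" if findings else "low"
```

On the sample spec this reports the plain-HTTP server, the unauthenticated POST with its unconstrained path parameter, and the deliberately public health check, and rates the API "high" risk; a spec with TLS servers and no paths yields no findings.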
