Mining API Traffic Metadata

•Descargar como PPTX, PDF•

1 recomendación•238 vistas

Lack of API visibility is a top security concern at many enterprises today. APIs that operate in disconnected silos produce inconsistent analytics and decentralized security. API traffic metadata mining is the new gold rush. Learn how mining and analysing this untapped resource leads to richer API insights and stronger threat detection and blocking.

Tecnología

1 Copyright ©2018 Ping Identity Corporation. All rights reserved.
Mining API Traffic
Metadata
Francois Lascelles
Office of the CTO
Ping Identity
2019 Platform Summit

WHAT IS API TRAFFIC METADATA?
API Clients
{API}
{API} {API}
{API}
API Endpoints
API Traffic
• Which resource
• Which token
• Which cookie
• Where from
• How big
• Latency
• Content type
• Errors
• Over time:
o Sequence
o How many
o …

WHO CARES?
API Traffic
metadata is the key
to addressing
1. an API visibility gap
2. an API security gap

THE “IMPLEMENTATION DETAIL”
PROBLEM
Only 6 people
know about this
API (it’s private)

BLINDSPOT – THE APIS NOT ON YOUR
RADAR
Organization’sAPIs
Old forgotten versions
Shadow APIs
“We’re not confident our
security team knows about
all of the APIs that exist in
our organization.”
- 51% of respondents
Ping Identity IDENTIFY 2018 Survey
Gartner: “Discover Your APIs
Before Attackers Discover
Them”
- Aug’19 API Security Report

BLINDSPOT – API SILOS
APIs are deployed across
heterogenous stacks and
environments each
providing separate visibility
and governance.
Organization’sAPIs
API Silos

HACKERS KNOW ABOUT YOUR APIS
Your API is either well documented or easily reverse-engineered

HACKERS USE YOUR API OUTSIDE OF YOUR
APP
AppUser API
Data
Service
ToolsHacker API
Data
Service
• Client-side rules skipped
• Unexpected and untested-for API
abuse scenarios
• Freedom to poke around and find
vulnerabilities
• More blindspots
skip
that
YOUR API CAN’T TELL THE
DIFFERENCE

BREACHES NOT DETECTED
Average Time to Detect First Breach
2018 Verizon DBIR

Persisting API Security Gaps
 Unexpected ”outside-the-
app” scenarios
 Deficit of available
expertise
 Real-time security focus
 Downstream
vulnerabilities
 Users (phish, password
reuse, insider threat)
 Clients that can’t keep
secrets
 Bearer tokens
Foundational API
security blindspots
External
Vulnerabilities
How to mitigate these persisting
vulnerabilities?

visibility gap
Addressing the
With API traffic metadata

EFFECTIVE API VS API CATALOGUES
API Management
API Traffic Metadata “Effective” APIs
API Catalogue

API METADATA ACROSS API SILOS
 Aggregate in a centralized data
lake
 Tapping wide
– API Gateways
– Load-balancers
– Cloud fronts
– Inline
– Service Filters
Load-balancer
Word

TAPPING DEEP
A Sideband api for
collecting api traffic
metadata
Collect Metadata
Downstream
Microservice,
Mesh layer
Metadata collection point

ENRICH METADATA WITH IDENTITY
CORRELATION
Show the username report video

security gap
Addressing the
By analyzing API traffic metadata

MITIGATE PERSISTING RISKS BY
LEVERAGING MACHINE LEARNING
MODEL
• Learn from API
traffic
• Build models:
APIs traffic from
legit apps
DETECT
• Inspect runtime
traffic
• Look for
deviations from
model
BLOCK
• Block compromised
tokens
• Notify/alert

API TRAFFIC METADATA IS PRECIOUS
AND UNDERUTILIZED
 API Visibility
– Effective API visibility
– De-siloed and enriched insights
 Security posture
– ML-based attack prediction and
remediation
 Legal
– Metadata is electronic equivalent of DNA
Deriving metadata from your existing
API traffic requires no heavy lifting

YOU CAN’T PROTECT WHATYOU
CAN’T SEE.
Gain Deeper InsightsintoAPI ActivitytoReveal Hidden Trafficand
Vulnerabilities.
Take a closerlook. Get rewarded.
Learn more & sign up at www.pingidentity.com/RevealHiddenAPITraffic
Win anArlo camera!

Más contenido relacionado

La actualidad más candente

These are the slides from the API Management Workshop, held at the Startupbootcamp Berlin on October 17. We covered benefits of APIs for an organisation (regardless of size, sector, stage or purpose) and gave examples of successful deployment of APIs. We then described the typical API lifecycle: plan/design > build/integrate > operate/manage > share/engage. We covered many best practices and tools for each stage and gave practical demos about how to secure and manage APIs.

API Management Workshop (at Startupbootcamp Berlin)

3scale

London Adapt or Die: Securing your APIs the Right Way!

Apigee | Google Cloud

Adapt or Die Sydney - API Security

Apigee | Google Cloud

Apigee and Accenture Webcast - Accenture Technology Vision 2013 - An API Cent...

Apigee | Google Cloud

O'Reilly author webinar "APIs: A Strategy guide": Transforming Your Business...

Apigee | Google Cloud

APIs are a wonderful thing and bring many benefits, but by their very nature they are also a window into how your business operates. If someone can exploit your system for gain, they will. This presentation will give multiple real examples of API abuse in the wild, via methods such as data scraping, service misuse/cheating, unauthorized aggregation and fake account creation. How is it done, how are existing API controls bypassed, and what are the business implications? The audience will learn that API abusers are inventive and they use smart tools. The audience will also learn who some of these API abusers are, and may be surprised by the result. (Spoiler: they can be your customers!) Finally, some guidance will be given around what additional access controls can be put in place to ensure API based businesses continue to prosper.

Is Your API Being Abused – And Would You Even Notice If It Was?

Nordic APIs

APIs for... Your Mom

Carlo Longino

Managing Sensitive Information in an API and Microservices World

Apigee | Google Cloud

apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...

apidays

API Security Webinar : Security Guidelines for Providing and Consuming APIs

DevOps Indonesia

apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wilde

apidays

apidays LIVE New York 2021 - API design is where culture and tech meet each o...

apidays

5 Tips for Scaling API Governance

John Phenix

[WSO2 API Day Toronto 2019] Extending Service Mesh with API Management

WSO2

apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...

apidays

apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...

apidays

apidays LIVE Paris - Potential of API integrations, common traps and advices ...

apidays

Extend your legacy SOA/ESB infrastructure to Mobile & IoT This webinar recording provides a use-case driven discussion around appropriate use of existing middleware infrastructure as well as its shortcomings. It dives deep into how APIs can not only complement an ESB or SOA infrastructure but also fill existing gaps. Watch this webinar recording to learn about: - Strengths and weaknesses of your existing ESB/SOA infrastructure - Architecture strategy: extend and add value to legacy middleware with APIs - Integration / API use cases in Retail, Manufacturing and Telecom - The API360 approach to digital strategy

Api architectures for the modern enterprise

CA API Management

Modernize Service-Oriented Architecture with APIs

Apigee | Google Cloud

apidays LIVE Hong Kong - The Business of APIs by Jed Ng

apidays

La actualidad más candente (20)

API Management Workshop (at Startupbootcamp Berlin)

London Adapt or Die: Securing your APIs the Right Way!

Adapt or Die Sydney - API Security

Apigee and Accenture Webcast - Accenture Technology Vision 2013 - An API Cent...

O'Reilly author webinar "APIs: A Strategy guide": Transforming Your Business...

Is Your API Being Abused – And Would You Even Notice If It Was?

APIs for... Your Mom

Managing Sensitive Information in an API and Microservices World

apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...

API Security Webinar : Security Guidelines for Providing and Consuming APIs

apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wilde

apidays LIVE New York 2021 - API design is where culture and tech meet each o...

5 Tips for Scaling API Governance

[WSO2 API Day Toronto 2019] Extending Service Mesh with API Management

apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...

apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...

apidays LIVE Paris - Potential of API integrations, common traps and advices ...

Api architectures for the modern enterprise

Modernize Service-Oriented Architecture with APIs

apidays LIVE Hong Kong - The Business of APIs by Jed Ng

Similar a Mining API Traffic Metadata

apidays London 2023 - APIs for Smarter Platforms and Business Processes September 13 & 14, 2023 APIs: The Attack Surface That Connects Us All Stefan Mardak Enterpise Security Architect, Principal at Akamai Technologies ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...

apidays

apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture

apidays

apidays LIVE Singapore 2021 - Digitisation, Connected Services and Embedded Finance April 21 & 22, 2021 Novel approaches in API security Dr Tal Steinherz, CTO at Syber.ai ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...

apidays

What do Google, Facebook, Paypal, IRS, T-mobile, and USPS have in common? Answer -- hackers used their APIs to access sensitive customer information. Although these API attacks were exposed, most API-based attacks go undetected these days. This deck will discuss today’s evolving API threat landscape and explore what you can do to both detect and block cyberattacks from authenticated users and hackers who have reverse engineered your API with an integrated solution from WSO2 and PingIntelligence.

[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...

WSO2

WATCH WEBINAR: https://youtu.be/zTkv_9ChVPY In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The common vector linking these breaches – APIs. The scale and magnitude of these breaches are the reason API security has been launched into the forefront of enterprise security concerns – now forcing us to rethink the way we approach API security as a whole. OWASP Top 10 project has for a long time been the standard list of top vulnerabilities to look for and mitigate in the world of web applications. APIs represent a significantly different set of threats, attack vectors, and security best practices. This caused the OWASP community to launch OWASP API Security project earlier this year. In this session we’ll discuss: What makes API Security different from web application security The OWASP API Security Top 10 Real world breaches and mitigation strategies for each of the risks

WEBINAR: OWASP API Security Top 10

42Crunch

How Secure Are Your APIs?

Apigee | Google Cloud

apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...

apidays

APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...

apidays

2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...

APIsecure_ Official

In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The common vector linking these breaches – APIs. The scale and magnitude of these breaches are the reason API security has been launched into the forefront of enterprise security concerns – now forcing us to rethink the way we approach API security as a whole. OWASP Top 10 project has for a long time been the standard list of top vulnerabilities to look for and mitigate in the world of web applications. APIs represent a significantly different set of threats, attack vectors, and security best practices. This caused the OWASP community to launch OWASP API Security project earlier this year. In this session we’ll discuss: What makes API Security different from web application security The OWASP API Security Top 10 Real world breaches and mitigation strategies for each of the risks

OWASP API Security Top 10 - Austin DevSecOps Days

42Crunch

Secure Enterprise APIs for Mobile, Cloud & Open Web APIs present enterprises with many business opportunities but they also create new attack vectors that hackers can potentially exploit. APIs share many of the same threats that plague the Web but APIs are fundamentally different from Web sites and have an entirely unique risk profile that must be addressed. By adopting a secure API architecture from the beginning, it is possible to address both old and new threats. In this webinar, Scott Morrison – CTO at Layer 7 Technologies – will explain in detail how an enterprise can pursue its API publishing strategy without compromising the security of its on-premise systems and data. You Will Learn How APIs increase the attack surface What key types of risk are introduced by APIs How enterprises can mitigate each of these risks Why it is crucial to separate API implementation and security into distinct tiers Presented By Scott Morrison, CTO, Layer 7 Technologies

Protecting Your APIs Against Attack & Hijack

CA API Management

Outpost24 webinar Why API security matters and how to get it right.pdf

Outpost24

Intro to Azure Api Management - With Cats

Xamariners

F5-API-Security-Best-Practices.pdf

FahmiDzikrullah

The session will focus on delivering the key trends in APIs, API Management Platform technologies and how it is driving the API economy. We will also discuss the key drivers for digital transformation initiatives which include wide acceptance of APIs in Industry 4.0, Connected Devices, Cloud and Payments industry. Next, we will talk about the top 10 security risks in APIs, API Management Platforms, APIs integrations with cloud platforms, IoT/OT devices integrations with third-party applications. Lastly, we will uncover the need for implementing the API security governance framework and how to measure the API security programme’ s success through this governance framework.

(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...

Priyanka Aash

Outpost24 webinar - Api security

Outpost24

Api security-present

Security Bootcamp

2022 APIsecure_Monitoring and Responding to API Breaches

APIsecure_ Official

API Security Needs AI Now More Than Ever

Ping Identity

apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...

apidays

Similar a Mining API Traffic Metadata (20)

apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...

apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture

apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...

[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...

WEBINAR: OWASP API Security Top 10

How Secure Are Your APIs?

apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...

APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...

2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...

OWASP API Security Top 10 - Austin DevSecOps Days

Protecting Your APIs Against Attack & Hijack

Outpost24 webinar Why API security matters and how to get it right.pdf

Intro to Azure Api Management - With Cats

F5-API-Security-Best-Practices.pdf

(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...

Outpost24 webinar - Api security

Api security-present

2022 APIsecure_Monitoring and Responding to API Breaches

API Security Needs AI Now More Than Ever

apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...

Más de Nordic APIs

A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned! This presentation will cover topics like: – How does it work? What does it mean to “train” a bot on your docs? – Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team? – The trade-offs around building your own vs. buying a 3rd party solution – Some decisions around the underlying tech – How to build a decent “conversational mode” so you can ask follow-up questions – How you evaluate the quality of a chatbot, and some surprises we ecountered along the way – What do you do when things go wrong? – Security considerations And much more! Actually, probably not that much more. That already sounds like a lot.

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

Nordic APIs

A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13. Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind. A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.

The Art of API Design, by David Biesack at Apiture

Nordic APIs

A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13. Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

Nordic APIs

A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13. Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools. Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss: 1. The platform team model - team topologies and key roles for developing internal API platforms 2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs 3. Applying a "platform as a product" mindset to measure and communicate platform success 4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

Nordic APIs

A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13. Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach. Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies. Key topics include: - The current challenges in API governance and how federated management addresses these. - The principles and architecture of Federated API Management, distinguishing it from traditional models. - Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses. - Strategies for implementing Federated API Management, focusing on best practices for seamless integration. - The future outlook of API governance, anticipating emerging trends and technologies.

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

Nordic APIs

A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13. Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

Nordic APIs

A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13. Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.

API Discovery from Crawl to Run - Rob Dickinson, Graylog

Nordic APIs

A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13. Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.

Productizing and Monetizing APIs - Derric Gilling, Moseif

Nordic APIs

A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13. Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis. In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows: - Easily « boosting » any product feature with Generative AI - Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model - Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Nordic APIs

A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13. Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs. 1. Overview of Large Language Models (LLMs) APIs 2. Understanding LLM Vulnerabilities: - Prompt Injections - Sensitive Data Leakage - Inadequate Sandboxing - Insecure Plugin Design - Model Denial of Service - Unauthorized Code Execution - Input attacks - Poisoning attacks 3. Best practices to secure LLM APIs from data breaches I will explain all the above using real life examples.

Security of LLM APIs by Ankita Gupta, Akto.io

Nordic APIs

A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

Nordic APIs

A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Nordic APIs

A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13. Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward? Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management? I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Nordic APIs

A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13. Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Nordic APIs

A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13. Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Nordic APIs

A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13. Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Nordic APIs

A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13. Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

Nordic APIs

A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13. Session Description: GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

Nordic APIs

A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13. Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

Nordic APIs

A presentation given by Vidhya Arvind, Staff Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: At Netflix, Data abstraction plays a pivotal role in hosting 100s of use cases that scale, they are widely adopted and depended on by mission-critical systems. In this talk, I show how to design reliable APIs and layout data for Key-Value services for petabyte-scale datasets. Key-value service uses a control plane and data plane to abstract the data, uses some novel techniques to reliably store and safely scale the service to 100s of instances.

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

Nordic APIs

Más de Nordic APIs (20)

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

The Art of API Design, by David Biesack at Apiture

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

API Discovery from Crawl to Run - Rob Dickinson, Graylog

Productizing and Monetizing APIs - Derric Gilling, Moseif

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Security of LLM APIs by Ankita Gupta, Akto.io

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

Último

Architecting Cloud Native Applications

WSO2

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Exploring Multimodal Embeddings with Milvus

Zilliz

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Mining API Traffic Metadata

2. WHAT IS API TRAFFIC METADATA? API Clients {API} {API} {API} {API} API Endpoints API Traffic • Which resource • Which token • Which cookie • Where from • How big • Latency • Content type • Errors • Over time: o Sequence o How many o …

3. WHO CARES? API Traffic metadata is the key to addressing 1. an API visibility gap 2. an API security gap

4. Where are my APIs? The visibility gap

5. THE “IMPLEMENTATION DETAIL” PROBLEM Only 6 people know about this API (it’s private)

6. BLINDSPOT – THE APIS NOT ON YOUR RADAR Organization’sAPIs Old forgotten versions Shadow APIs “We’re not confident our security team knows about all of the APIs that exist in our organization.” - 51% of respondents Ping Identity IDENTIFY 2018 Survey Gartner: “Discover Your APIs Before Attackers Discover Them” - Aug’19 API Security Report

7. BLINDSPOT – API SILOS APIs are deployed across heterogenous stacks and environments each providing separate visibility and governance. Organization’sAPIs API Silos

8. Breach in progress The security gap

9. One does not simply… “Secure” an API

10. HACKERS KNOW ABOUT YOUR APIS Your API is either well documented or easily reverse-engineered

11. HACKERS USE YOUR API OUTSIDE OF YOUR APP AppUser API Data Service ToolsHacker API Data Service • Client-side rules skipped • Unexpected and untested-for API abuse scenarios • Freedom to poke around and find vulnerabilities • More blindspots skip that YOUR API CAN’T TELL THE DIFFERENCE

12. BREACHES NOT DETECTED Average Time to Detect First Breach 2018 Verizon DBIR

13. Persisting API Security Gaps  Unexpected ”outside-the- app” scenarios  Deficit of available expertise  Real-time security focus  Downstream vulnerabilities  Users (phish, password reuse, insider threat)  Clients that can’t keep secrets  Bearer tokens Foundational API security blindspots External Vulnerabilities How to mitigate these persisting vulnerabilities?

14. visibility gap Addressing the With API traffic metadata

15. EFFECTIVE API VS API CATALOGUES API Management API Traffic Metadata “Effective” APIs API Catalogue

16. API METADATA ACROSS API SILOS  Aggregate in a centralized data lake  Tapping wide – API Gateways – Load-balancers – Cloud fronts – Inline – Service Filters Load-balancer Word

17. TAPPING DEEP A Sideband api for collecting api traffic metadata Collect Metadata Downstream Microservice, Mesh layer Metadata collection point

18. ENRICH METADATA WITH IDENTITY CORRELATION Show the username report video

19. security gap Addressing the By analyzing API traffic metadata

20. MITIGATE PERSISTING RISKS BY LEVERAGING MACHINE LEARNING MODEL • Learn from API traffic • Build models: APIs traffic from legit apps DETECT • Inspect runtime traffic • Look for deviations from model BLOCK • Block compromised tokens • Notify/alert

21. API TRAFFIC METADATA IS PRECIOUS AND UNDERUTILIZED  API Visibility – Effective API visibility – De-siloed and enriched insights  Security posture – ML-based attack prediction and remediation  Legal – Metadata is electronic equivalent of DNA Deriving metadata from your existing API traffic requires no heavy lifting

22. YOU CAN’T PROTECT WHATYOU CAN’T SEE. Gain Deeper InsightsintoAPI ActivitytoReveal Hidden Trafficand Vulnerabilities. Take a closerlook. Get rewarded. Learn more & sign up at www.pingidentity.com/RevealHiddenAPITraffic Win anArlo camera!

Mining API Traffic Metadata

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Mining API Traffic Metadata

Similar a Mining API Traffic Metadata (20)

Más de Nordic APIs

Más de Nordic APIs (20)

Último

Último (20)

Mining API Traffic Metadata