API Security - Is it the New Application Attack Surface and How to Secure at Enterprise Scale

Explore the evolving landscape of API security in this 30-minute LASCON conference talk. Delve into the new application attack surface created by the widespread adoption of APIs as the data layer for modern web applications. Learn how traditional web application attacks may no longer apply to stateless API calls between servers. Discover approaches for securing sensitive APIs at an enterprise scale. Gain insights into the architecture behind APIs, security implications, and the current threat landscape. Examine real-world examples, including the Facebook breach, to understand how attacks occur and how to prevent them. Explore use cases for secrets management and value-driven threat modeling. Walk away with practical knowledge on securing APIs in today's interconnected digital ecosystem.

Intro
What is your background
Agenda
Architecture
Behind the scenes
Security implications
Threat landscape
Facebook breach
How to fix it
How it happened
Use cases
Secrets management
Perform valuedriven threat modeling
Closing thoughts