YoVDO

API Security - Is it the New Application Attack Surface and How to Secure at Enterprise Scale

Offered By: LASCON via YouTube

Course Description

Overview

Explore the evolving landscape of API security in this 30-minute LASCON conference talk. Delve into the new application attack surface created by the widespread adoption of APIs as the data layer for modern web applications. Learn how traditional web application attacks may no longer apply to stateless API calls between servers. Discover approaches for securing sensitive APIs at an enterprise scale. Gain insights into the architecture behind APIs, security implications, and the current threat landscape. Examine real-world examples, including the Facebook breach, to understand how attacks occur and how to prevent them. Explore use cases for secrets management and value-driven threat modeling. Walk away with practical knowledge on securing APIs in today's interconnected digital ecosystem.

Syllabus

Intro
What is your background
Agenda
Architecture
Behind the scenes
Security implications
Threat landscape
Facebook breach
How to fix it
How it happened
Use cases
Secrets management
Perform value-driven threat modeling
Closing thoughts


Taught by

LASCON
