Apidays London 2024 - Securing APIs, Beyond the Basics with Advanced Security Practices, Karanvir Attwal.pptx
APIdays_official
20 slides
Oct 10, 2024
About This Presentation
Securing APIs: Beyond the Basics with Advanced Security Practices
Karanvir Attwal, Senior Solutions Engineer - Akamai
apidays London 2024 - APIs for Smarter Platforms and Business Processes
September 18 & 19, 2024
Size: 10.79 MB
Language: en
Added: Oct 10, 2024
Slides: 20 pages
Slide Content
Securing APIs: Beyond the basics with Advanced Security Practices
  Karanvir Attwal, API Security Specialist
Why API Security is Needed Today
  Existing application security solutions not built for evolution of API attacks
  31% of web traffic is APIs
  30% of all web attacks targeted APIs in 2023
  More APIs deployed every day. More API traffic. More API attacks.
  1 Akamai State of the Internet Report
  2 Akamai threat researchers have identified that 31% of all traffic protected by Akamai is API traffic
API Attacks Are Not An If, But When
  In the last 12 months, 24 of 70 major data breaches stemmed from API vulnerabilities, impacting 15 different industries.
  Broad product capabilities: Flexible deployment, integrations, runtime protection, API testing, etc.
APIs are Everywhere
  Order Coffee; Order a Car; Check the Weather; Check in for a flight; Use Maps; Log in to Social Media
  Massive Attack Surface: Open Internet, Employees, Suppliers, Partners, IoT
  31% of all traffic protected by Akamai is API traffic
Today’s App and API Landscape
  Diagram labels: API and Web Services; Desktops; Business Partners; IoT Devices; Internet; Multicloud Application and Data Services; API and Web Security (Threat Prot, Bot Prot, Privacy, PCI DSS)
  Protect the client app from compromise
  Defend the applications from unavailability
  Protect the applications from OWASP, bot, and API attacks
  Defend APIs from attacks within the perimeter
  Defend applications against abuse and sensitive data exposure
Today’s App and API Landscape
  Diagram labels: API and Web Services; API and Web Security (Threat Prot, Bot Prot, Privacy, PCI DSS); NEW
  AAP protects the “front door” of the application and APIs
  API Security provides deep visibility and intelligence to what’s occurring inside the application environment
APIs are different
  They require a different approach
  Unlike web apps, when you expose an API to the internet, it is open for direct calls and subsequent abuse
How many APIs do you have?
What type of data is being transmitted?
The API Security Pillars
  Complete API Security at any stage of your API Lifecycle
  Discovery: API asset inventory, change detection, network mapping, reconnaissance.
  Posture Management: Configuration control, vulnerability management, remediation prioritization.
  Runtime Protection: Detection and prevention of attackers and suspicious behavior in real time.
  Testing: Secure APIs in dev to stop vulnerabilities before production.
The API Security Pillars
  Understand your API ecosystem like never before
  API inventory; Network mapping; Change detection; Reconnaissance
  Pillars: Discovery, Posture Management, Runtime Protection, Testing
The API Security Pillars
  Protect what you know
  Proactive monitoring; Configuration control; Severity classification; Remediation
  Pillars: Discovery, Posture Management, Runtime Protection, Testing
The API Security Pillars
  Protect what you know
  Real-time detection; Behavior analysis; Detect data exposure; Prevention integrations
  Pillars: Discovery, Posture Management, Runtime Protection, Testing
  Detection and prevention of attackers and suspicious behavior in real time.
The API Security Pillars
  Protect what you know
  CI/CD Integration; Shift left; Reduce risk exposure; Vulnerability labs
  Pillars: Discovery, Posture Management, Runtime Protection, Testing
  Secure APIs in dev to stop vulnerabilities before production.
Ecosystem
  Development Platforms; Network and Cloud; Workflow Integrations; API Gateway
Flexible Deployment Options
  Noname secures your APIs wherever and however you need
  Deploy Noname globally at scale in any combination of SaaS, hybrid, or on-premises (including a hardened virtual appliance for public-sector organizations)
  Enable local control with global visibility with Remote Engines
  Easily comply with multiple regulatory requirements, regional policies, and technical directives
  Deployment models: Noname Hosted; Hybrid; Customer Hosted
Summary
  Know what you have! Build a complete inventory and API catalogue to ensure full control over your API estate
  Analyze traffic from all types of environments and enjoy more flexibility
  Test APIs and find vulnerabilities during the development cycle to avoid introducing risk into production environments
  Leverage out of the box integrations with the existing security stack to accelerate remediation activities
  Flexibility around deploying the solution to meet your Data Sovereignty and Governance needs.