Manage software risks with a holistic API security testing program

As network-based APIs become the primary interface for containerized and microservice architecture, traditional Application Security programs find themselves struggling with the new demands of this emerging architecture. AppSec for APIs will describe how organizations can better prepare themselves to secure API based applications.

Most API Security tools/platforms are built for the Security teams that are told “here’s an API service already running – go secure it”. Thus, they take an outside-in approach of building a fence around a service and/or poking the service with a stick to see what outward reactions they can get. But even an ML-powered fence can’t stop everything. Shouldn’t we be improving the security inherent in our RESTful or GraphQL API service/microservices? Let's actually find and fix the flaws before the API is deployed. And before the developers reading this run screaming thinking this is another “shift [the extra work] left” talk, what we will advocate is a simply and scalably deployed agent that will do this work for us. It will automagically discover and ingest the API documentation (if it exists), create and run tests based on these docs, turn any other functional tests we already have into security tests, and output replayable exploits when they are found. “Agent-less” solutions don't have the visibility and controllability needed to realize the automagic of building a more secure API from the inside out.

APIs are the heart of many modern applications. They enable organizations to create new business models and methods of engagement. Yet, security breaches have increased due to the proliferation of unprotected APls and API endpoints. A survey conducted by Salt Security in 2022(¹) found API attacks increased by 681%.

A comprehensive API protection strategy can help address these challenges, but it must include discovery, detection and protection. In this webinar you will learn about:

- The importance of conducting a thorough API inventory
- Implementing testing techniques to find problems throughout the SDLC
- Protecting your API by building in API-specific logging, monitoring and alerting at the application layer

(1) https://salt.security/blog/api-security-fundamentals

Organizations face a variety of threats from malicious actors. With the proliferation of web services, APIs are the fastest-growing attack surface in the industry. It's time to act. Join this webinar to get answers to some of the most pressing questions, such as

• What are the current industry trends on API usage?
• What are the challenges in dealing with application and API security?
• What are the solutions to API security challenges?
• What is an example of a firm that has adopted an IAST tool for API security?