ARC205 - Automating API Security Testing - The hard way vs The easy way

1H - Room: postwagon-4 - Start Time: 12:30

APIs are taking over the world! Using APIs to expose core business functionality and facilitate service-to-service communication has become standard. Not only it gives us several control points but also makes it easier to deal with complex modern applications. Although, these modern API-driven applications come with their issues like design complexity, visibility, communication, security, etc.

One of the major challenges here is properly securing APIs. It is becoming increasingly urgent as API-related attacks are impacting companies across nearly all sectors, resulting in skyrocketing costs for businesses. In the U.S. alone, the average annual API-related cyber loss is estimated to be USD $12-23 billion.

One of the best ways to deal with this is making API security a part of your SDLC. API Security testing is one of the ways to do that. API security testing helps in finding vulnerabilities in very early stages, giving developers and Product security engineers more time and context to build the resilient systems.

In this talk, we will see how you can easily integrate API security testing into your Development life cycle and build secure applications and APIs using various OSS and Enterprise tools. We will also see a demo of security with AWS.

Speakers

Jayesh Bapu Ahire

AWS ML Hero / Founding Product Manager at TraceableAI