apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Solving API security through holistic observability
Jean-Baptiste Aviat, AppSec Staff Engineer at Datadog
6. What happened in 150 years?
Microbiology, ECG, X-ray, radiotherapy, blood transfusion, magnetic resonance imaging, CT scan
7. Correlate results from various micro observations.
This wouldn't have been possible a century ago.
And now medicine students have statistics classes.
(Figure: algorithm to evaluate a macrocytic anemia)
8. This progress came from medicine's ability to collect data, to exploit it, and to make it usable by practitioners.
11. Use data from everywhere (and not only from the left)
(Diagram: observability platform with feedback loops)
12. What do we actually need?
● Security resources are scarce
● They are spread thin
○ monitor production
○ help developers design secure systems
○ keep up with the business
● The systems are becoming more complex
→ security products have to make their lives much easier and help them focus on what matters
13. Kill false positives. Resurface threats.
By compounding security events with contextual information.
100% API traffic
→ Only requests matching an attack pattern: 1%
→ Only attacks matching an existing route: .5%
→ Only attacks targeting what the code does: .05%
→ Only attacks on non-edge services: .001%
14. Query the framework
The attack is calling a real API endpoint
jb@datadoghq.com
6801-8226415-321-74
Find associated user
18. request_params {
      org_id 123 AND check = true UNION SELECT email, pwd_hash, seed FROM users
    }
NoSQL injection stealing user credentials
If a user parameter is:
1. matching the database query, and
2. changing the query shape,
that is proof of a NoSQL injection.
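The two conditions on this slide, turned into detection logic, as an added example that is not part of the talk or of any Datadog product: a request parameter is evidence of injection when its value is present in the executed query and it changes the query's structure. The query template, the parameter names and the constructed "vulnerable_build" model of the application are assumptions for the example.

```python
import re

# Constructed example: the query shape the application intends to run.
# Each '?' marks where a user-supplied value is supposed to go.
INTENDED_QUERY = "SELECT id FROM orders WHERE org_id = ? AND check = ?"

def query_shape(query: str) -> str:
    """Collapse a query to its structure: every literal value becomes '?'.
    Two queries with the same shape differ only in the data they carry."""
    shape = re.sub(r"'(?:[^'\\]|\\.)*'", "?", query)            # quoted strings
    shape = re.sub(r"\b(true|false|null)\b", "?", shape, flags=re.I)
    shape = re.sub(r"\b\d+(\.\d+)?\b", "?", shape)              # numbers
    return re.sub(r"\s+", " ", shape).strip().upper()

def injected_params(request_params: dict, executed_query: str, intended_query: str) -> list:
    """Names of request parameters that satisfy both conditions from the slide:
    (1) the value appears verbatim in the executed query, and
    (2) the value carries structure (keywords/operators), not a single literal,
        while the executed query no longer has the shape the code intended."""
    if query_shape(executed_query) == query_shape(intended_query):
        return []          # only the data changed, not the structure: benign
    suspects = []
    for name, value in request_params.items():
        value = str(value)
        if value in executed_query and query_shape(value) != "?":
            suspects.append(name)
    return suspects

def vulnerable_build(params: dict) -> str:
    """Constructed model of the monitored application: it interpolates request
    parameters into the query with string formatting (the defect that makes the
    injection possible). The detector only sees its output, as an agent would."""
    return f"SELECT id FROM orders WHERE org_id = {params['org_id']} AND check = {params['check']}"

if __name__ == "__main__":
    benign = {"org_id": 123, "check": "true"}
    attack = {"org_id": "123 AND check = true UNION SELECT email, pwd_hash, seed FROM users",
              "check": "true"}
    for params in (benign, attack):
        print(injected_params(params, vulnerable_build(params), INTENDED_QUERY))
```

The benign request yields an empty list; the slide's payload yields `['org_id']`, while the `check` parameter, whose value is a plain literal, is not flagged even though it is also present in the executed query.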
19. Let’s take this to the next level.
Instead of a dozen data points, hundreds
can be automatically gathered from your
production environment.
23. A true view of the security context of an API.
Combined with statistical analysis, it provides the most complete view for monitoring production systems.
29. Takeaways
Security evolves, but we need more data and more tools.
Don’t only shift left: shift everywhere.
Leverage observability from your engineering organization to
improve security monitoring:
● Production
● Software development lifecycle: tests, releases, designs
Correlate data using rich and coherent sources (rather than flat and disparate ones)