Publicité

APIsecure 2023 - Structuring Security Forward, Megan Bell

apidays
apidays
21 Mar 2023
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell
APIsecure 2023 - Structuring Security Forward, Megan Bell

Check these out next

Ethical hacking a licence to hack
Ethical hacking a licence to hack
amrutharam
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
IBM Security
AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011
dma1965
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
SPI Conference
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
Dean Iacovelli
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust
Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.
Ricardo Resnik
1 sur 20

APIsecure 2023 - Structuring Security Forward, Megan Bell

21 Mar 2023
Télécharger pour lire hors ligne
Internet

APIsecure 2023 - The world's first and only API security conference March 14 & 15, 2023 Structuring Security Forward Megan Bell, Security | Privacy | Regulatory Compliance | Risk | Data + Analytics | Customer Engagement ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

apidays
apidays
Publicité
Publicité
Publicité

Recommandé

TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte157 vues40 diapositives
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Andris Soroka1.1K vues34 diapositives
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI JoAnna Cheshire1.3K vues20 diapositives
Enterprise security management IIEnterprise security management II
Enterprise security management IIzapp0338 vues16 diapositives
Ibm cognitive security_white_paper_04_2016Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Janghyuck Choi364 vues11 diapositives
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core Security Technologies277 vues19 diapositives

Contenu connexe

Similaire à APIsecure 2023 - Structuring Security Forward, Megan Bell(20)

Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
amrutharam1.5K vues
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
IBM Security1.3K vues
AMI Security 101 - Smart Grid Security East 2011AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011
dma19651.8K vues
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault1.2K vues
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
SPI Conference284 vues
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
Dean Iacovelli136 vues
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust375 vues
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.
Ricardo Resnik1.2K vues
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Emrah Alpa, CISSP CEH CCSK84 vues
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01
rajkumar jonuboyena133 vues
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
Mohan Jadhav150 vues
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017
zapp0695 vues
Get ahead of cybersecurity with MS Enterprise Mobility + Security Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security
Kjetil Lund-Paulsen438 vues
Selex ES at Le Bourget 2013 Cyber Partnership Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership
Leonardo1.9K vues
Database development and security certification and accreditation plan pitwgDatabase development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwg
John M. Kennedy1.3K vues
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake final
Minh Le759 vues
FROM STRATEGY TO ACTION - Vasil Tsvimitidze FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency935 vues
Computing safetyComputing safety
Computing safety
titoferrus80 vues
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise Infilteration
Shritam Bhowmick557 vues
IBM Security Immune SystemIBM Security Immune System
IBM Security Immune System
Juan Pablo Coelho1.6K vues

Plus de apidays(20)

apidays New York 2023 - Embedded Payments in B2B and B2C use cases, Adrita Bh...apidays New York 2023 - Embedded Payments in B2B and B2C use cases, Adrita Bh...
apidays New York 2023 - Embedded Payments in B2B and B2C use cases, Adrita Bh...
apidays21 vues
apidays Dubai & Middle East 2023 - Unlock the Power of Digital Banking with E...apidays Dubai & Middle East 2023 - Unlock the Power of Digital Banking with E...
apidays Dubai & Middle East 2023 - Unlock the Power of Digital Banking with E...
apidays8 vues
apidays Dubai & Middle East 2023 - Combining APIs and Events, Richard Bosch, ...apidays Dubai & Middle East 2023 - Combining APIs and Events, Richard Bosch, ...
apidays Dubai & Middle East 2023 - Combining APIs and Events, Richard Bosch, ...
apidays2 vues
APIsecure 2023 - What if privacy had an API?, Sean Falconer (Skyflow)APIsecure 2023 - What if privacy had an API?, Sean Falconer (Skyflow)
APIsecure 2023 - What if privacy had an API?, Sean Falconer (Skyflow)
apidays66 vues
APIsecure 2023 - Exploring Security Compliance in the OAuth 2.0 Ecosystem, Pi...APIsecure 2023 - Exploring Security Compliance in the OAuth 2.0 Ecosystem, Pi...
APIsecure 2023 - Exploring Security Compliance in the OAuth 2.0 Ecosystem, Pi...
apidays31 vues
APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...
APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...
apidays32 vues
APIsecure 2023 - How to abuse Terraform to elevate access, Mike McCabeAPIsecure 2023 - How to abuse Terraform to elevate access, Mike McCabe
APIsecure 2023 - How to abuse Terraform to elevate access, Mike McCabe
apidays24 vues
APIsecure 2023 - Breaking Vulnerable APIs, Tushar KulkarniAPIsecure 2023 - Breaking Vulnerable APIs, Tushar Kulkarni
APIsecure 2023 - Breaking Vulnerable APIs, Tushar Kulkarni
apidays22 vues
APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...
APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...
apidays8 vues
APIsecure 2023 - Securing your APIs with multi-facet contract testing, Ian Do...APIsecure 2023 - Securing your APIs with multi-facet contract testing, Ian Do...
APIsecure 2023 - Securing your APIs with multi-facet contract testing, Ian Do...
apidays25 vues
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
apidays19 vues
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...
apidays17 vues
APIsecure 2023 - OAuth, OIDC and protecting third-party credentials, Ed Olson...APIsecure 2023 - OAuth, OIDC and protecting third-party credentials, Ed Olson...
APIsecure 2023 - OAuth, OIDC and protecting third-party credentials, Ed Olson...
apidays17 vues
APIsecure 2023 - Learning from a decade of API breaches and why application-c...APIsecure 2023 - Learning from a decade of API breaches and why application-c...
APIsecure 2023 - Learning from a decade of API breaches and why application-c...
apidays53 vues
APIsecure 2023 - Understanding and Identifying Threats Against APIs, Shannon ...APIsecure 2023 - Understanding and Identifying Threats Against APIs, Shannon ...
APIsecure 2023 - Understanding and Identifying Threats Against APIs, Shannon ...
apidays22 vues
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
apidays39 vues
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
apidays10 vues
APIsecure 2023 - Enhancing API Security with Runtime Secrets & Attestation, T...APIsecure 2023 - Enhancing API Security with Runtime Secrets & Attestation, T...
APIsecure 2023 - Enhancing API Security with Runtime Secrets & Attestation, T...
apidays11 vues
APIsecure 2023 - Discovering GraphQL Vulnerabilities in the Wild, Tristan Kal...APIsecure 2023 - Discovering GraphQL Vulnerabilities in the Wild, Tristan Kal...
APIsecure 2023 - Discovering GraphQL Vulnerabilities in the Wild, Tristan Kal...
apidays24 vues
APIsecure 2023 - Your Technical Debt is My Bug Bounty, Dr. Katie Paxton-FearAPIsecure 2023 - Your Technical Debt is My Bug Bounty, Dr. Katie Paxton-Fear
APIsecure 2023 - Your Technical Debt is My Bug Bounty, Dr. Katie Paxton-Fear
apidays83 vues
Publicité

Dernier(20)

Social Media Management.pptxSocial Media Management.pptx
Social Media Management.pptx
Excellence Foundation for South Sudan57 vues
TENSES (3.pdfTENSES (3.pdf
TENSES (3.pdf
Rachana2254660 vue
Hybrid App Development .pdfHybrid App Development .pdf
Hybrid App Development .pdf
Sanjaysharma9946542 vues
python_desktop.pdfpython_desktop.pdf
python_desktop.pdf
Lagal Tchixa0 vue
pubmedbasics.pdfpubmedbasics.pdf
pubmedbasics.pdf
Jesus Figeroa Cardenaz1 vue
5 points branching from heading infographic.pptx5 points branching from heading infographic.pptx
5 points branching from heading infographic.pptx
OMJHA202 vues
PruebaPrueba
Prueba
DavidLora86 vues
Health assessment.pptxHealth assessment.pptx
Health assessment.pptx
ErmiyasBeletew2 vues
AsistenciaMensual - 2021-07-28T160740.392 23-07.pdfAsistenciaMensual - 2021-07-28T160740.392 23-07.pdf
AsistenciaMensual - 2021-07-28T160740.392 23-07.pdf
ladyfernandacedeofar0 vue
IP_ADDRESSING_AND_SUBNETTING.pptxIP_ADDRESSING_AND_SUBNETTING.pptx
IP_ADDRESSING_AND_SUBNETTING.pptx
gamerchan11 vue
Google Productivity Tools.pptxGoogle Productivity Tools.pptx
Google Productivity Tools.pptx
Excellence Foundation for South Sudan17 vues
埃塞克斯大学毕业证办理|Essex文凭购买埃塞克斯大学毕业证办理|Essex文凭购买
埃塞克斯大学毕业证办理|Essex文凭购买
yneno1 vue
Strategies for Increasing your Reach (1).pdfStrategies for Increasing your Reach (1).pdf
Strategies for Increasing your Reach (1).pdf
Anceyfrancis2 vues
RSA Cambridge CELTA certificate.pdfRSA Cambridge CELTA certificate.pdf
RSA Cambridge CELTA certificate.pdf
lunabarajas8160 vue
Seneca diploma.pdfSeneca diploma.pdf
Seneca diploma.pdf
lunabarajas8160 vue
Oxford brookes University diploma.pdfOxford brookes University diploma.pdf
Oxford brookes University diploma.pdf
lunabarajas8160 vue
Digital Literacy Fundamentals.pptxDigital Literacy Fundamentals.pptx
Digital Literacy Fundamentals.pptx
Excellence Foundation for South Sudan14 vues
University of Sheffield diploma.pdfUniversity of Sheffield diploma.pdf
University of Sheffield diploma.pdf
lunabarajas8160 vue
无法毕业?法国上阿尔萨斯大学毕业证书和学位证书办理无法毕业?法国上阿尔萨斯大学毕业证书和学位证书办理
无法毕业?法国上阿尔萨斯大学毕业证书和学位证书办理
sefomo3 vues
islamiatpresentationurdu-170508174122.pdfislamiatpresentationurdu-170508174122.pdf
islamiatpresentationurdu-170508174122.pdf
FarhanaAkhlaq1 vue

APIsecure 2023 - Structuring Security Forward, Megan Bell

  1. Structuring Security Forward (Part 2) Megan Bell
  2. Current State — best practices only get so far Encryption and signatures Tokens API gateways Quotas and throttling API vulnerability management API keys | Basic authentication | OpenID Connect
  3. Problem — Not addressing the issues Business logic challenges Authentication / Authorization Source code security / integration Expanded staff permissions Excessive data exposure Misconfiguration APIs
  4. Data is pushed to an endpoint for consumption. Rapid development Lean security.
  5. Broaden security thinking: - Lifecycles - Connections - Interactions
  6. Lean Security: - Volume of knowledge - Less staff - More complexity - Automation
  7. Immune Systems
  8. Immune System Protections: ● Innate ● Adaptive ● Passive
  9. Immune System Functions: ● detect and fight infection ● recognize one’s own cells as "self," as part of protection from an attack ● retain memory from previous infections ● limit response after a pathogen has been removed
  10. Build a strong foundation – start with innate security.
  11. Security begins with good design, quality and “governance”.
  12. Accountability
  13. Investment decisions – build versus buy
  14. Begin with data and its purpose
  15. Know systems, services and pieces and parts.
  16. Safety: ● Boundaries ● Access ● Defense-in- depth
  17. Know your risk profile (victimology – how does an attacker see you?)
  18. Data in Transit
  19. Security Patterns
  20. Thank you.
Publicité