Securing modern applications requires new thinking. As the prevalence of application programming interfaces (APIs) increases and the number of API calls grows exponentially, attackers are taking notice. Attackers have shifted their primary focus from web applications to APIs, and most security teams haven’t adapted. Since APIs are inherently more exposed than traditional web apps, security teams must rebalance their efforts to ensure defenses are strongest where attacks are actually occurring. The session will cover:
- Introduction to API Security Requirements
- Cross-referenced API Security Best Practices
- A Security Maturity Model for API Security
- 3 Ways to Close Remaining Security Gaps
- Q&A
Quantum computing seems like a distant-future technology, but if you consider the pace of enterprise modernization, the quantum threat may be just around the corner - and APIs are a primary target. When is Q-day exactly? Nobody knows yet, but equally unknown is the scale of the corrective measures that will be required of your API infrastructure.
In this presentation you will learn:
- How quantum computing introduces a new security risk
- What is the API-specific exposure associated with this threat
- How and when do you need to start preparing your APIs
- What will be the costs in terms of computing resources and API retrofit projects
- What we are learning from post-quantum API security research and initial tests so far
Michael Kwan is an accomplished software engineer and architect with a passion for creating scalable, secured, robust software solutions. At Broadcom, his current focus is designing solutions to help businesses develop, protect, and secure their APIs and valuable resources.
F5 secures and optimizes traffic for some of the largest AI projects in the world, and organizations are planning to spend an average of 18% of 2025 IT budgets on AI implementation. What many are missing is that outside of a few edge cases, nearly all training, usage, attacks, and data loss against AI models come through APIs, and APIs themselves expose critical information about models such as data labels and confidence scores, facilitating model theft, transfer attacks, and other issues unique to securing LLMs. In this session, we’ll talk about the ties between AI security, APIs, and how to structure a Defense in Depth architecture to secure your AI factory and models from the beginning, rather than after the fact.
Corey has provided cybersecurity consulting services since 2011, and has primarily focused his expertise on the energy, financial, legal, and health care industries. He has extensive technical experience in multiple security areas, including penetration testing, web application security...
Brenton House, IBM, Principal Cybersecurity and AI Advisor
Generative AI has revolutionized the tech world in the past months. With its insatiable thirst for data, all eyes have turned to APIs and the security (or lack thereof) protecting them. Large data breaches have become so common that security researchers are overwhelmed with the terabytes of leaked data finding their way to the Dark Web. Learn both the ugly secrets behind cyber threats and the successful strategies used to stop them.
Brenton House is an ex-hacker, developer, strategist, and now Principal Cybersecurity and AI Advisor for IBM webMethods. Known for his unique creative work and YouTube channel, Brenton has produced several hit series including The Redacted Hacker, AI: Man vs. Machine, and API Cybersecurity...
Vamsi Ravula, Red Hat, Developer Advocate
Hugo Guerrero, Red Hat, Sr Principal Developer Advocate
Locationless API management is a paradigm shift in API governance and security. This innovative approach allows organizations to efficiently manage their APIs distributed across multiple clouds and clusters without exposing them publicly over the internet. Instead, it leverages a sophisticated layer seven service network, offering a secure and seamless solution for API management. By operating locationless, businesses can maintain a high degree of control and privacy over their APIs, mitigating the risks associated with public exposure while facilitating efficient communication between services across diverse deployment environments.
A Layer 7 service network provides the necessary infrastructure to establish secure connections between services, regardless of location. Through this network, APIs can be efficiently managed and accessed within a controlled environment, ensuring that sensitive data and functionalities remain protected. This locationless API management approach not only enhances security but also streamlines operations, as it minimizes the complexities of public-facing API management. As organizations continue to prioritize data privacy and security, locationless API management, powered by technologies like a Layer 7 service network, emerges as a game-changing solution that empowers businesses to securely manage and utilize their APIs without the need for public internet exposure.
Hugo Guerrero is a developer advocate at Red Hat. He has over 20 years of experience as a developer, consultant, architect, and software development manager. He is an AsyncAPI ambassador and contributes to open source initiatives. He is responsible for maintaining the Microcks Docker...
Vamsi Ravula is a Technical Marketing Manager at Red Hat working on Red Hat Application Foundations, application connectivity, and API management technologies. He is passionate about understanding customers' challenges and use cases and showcasing how Red Hat products can address...
To start off, Jeremy will summarize key points and findings from extensive research into the API security landscape in 2024 with a look at our growing reliance on APIs and how APIs are increasingly being used as an attack surface.
Then, he’ll go over statistics on API proliferation and recap key developments from 2023, including the OWASP Top 10 Update 2023 and the impact AI is having on API security. He will pay particular attention to the massive expansion of API calling capabilities that came via recent OpenAI updates and the overall impact of AI on API security.
Jeremy will then look at increasing regulatory oversight, the current shift toward personal accountability for CISOs and what this means for cyber security against a backdrop of increasingly sophisticated API attacks.
Jeremy will present real-world examples and show what we can learn from them, while drawing on data from a decade of data breaches, including notable cases like Points.com, MOVEit, Money Lover and bugs in West Bengal and Rajasthan government websites, as well as others.
Jeremy will analyze API breaches by primary and secondary attack vectors and compare these findings to what we witnessed in 2023.
Finally, this talk will provide the actionable insights and practical advice needed to help you implement effective API security strategies across your organization. Jeremy will cover the 6 pillars of API security needed for companies to secure their APIs, as well as guidance on implementing authentication, authorization, input validation, encryption, and regular security assessments.
Overall, this talk will emphasize the importance of API security, summarize findings from the last 12 months, explore the trends we’re seeing in cyber security and make predictions for the rest of 2024, as well as providing recommendations and tips for improving cybersecurity postures.
Jeremy is the founder and CEO of FireTail.io, an end-to-end API security startup. Prior to FireTail, Jeremy worked in M&A at Rapid7, a global cyber leader, where he worked on the acquisitions of 3 companies during the pandemic. Jeremy previously led sales at DivvyCloud, one of the...