In the last decade, APIs have become fundamental to our teams, partners, and customers. While we’d like to believe it all happened as a carefully executed plan, let’s be honest... there’s as much luck as foresight in the mix. Luckily, success drives success so we’ve seen things explode in great ways. Unfortunately, that very success has cost us too.

APIs are becoming a consistent and devastating attack vector for applications that store everything from financial records to passport information to what you’re looking for in a date. In this session, we’ll reconsider some our earliest assumptions and lay out some strategies for bringing our APIs out of the shadows and protecting ourselves, our partners, and our customers.


Comments are closed.

Ian Littman at 16:41 on 22 Feb 2019

Well-delivered, sufficiently scary, and a mix of solid analogies and clear calls to action, so you know both what to do and what not to...and why...and both how you get to a point where an API has issues and how to avoid getting there. So...par for the course for a talk of Keith's :)

Guido Faecke at 18:05 on 22 Feb 2019

API development from a totally different approach.
Instead of reminding us of a "good" API should do, he made as think about what a "good" API shouldn't do!
For me it opens up a complete new look at API design.

Very well prepared and full of good information. I love the idea of "thinking like a bad guy" (security is a personal hobby) and exploring that avenue of API development was very relevant.

LG at 10:45 on 25 Feb 2019

Like any good security talk, it stats off with a little jump scare (2M records compromised, Boo!) and then dives right into how to do things right. Casey underscores just how real the threat is for ALL organizations, and reminds us that by the time attacks are discovered there could have been years worth of damage going on.