Today’s API Thread Landscape: Detect and Block Threats
What do Google, Facebook, Paypal, IRS, and USPS have in common? The answer is hackers exploited their APIs to access sensitive customer information. Although these API attacks were detected and exposed, most API-based attacks go undetected in today's technologically sophisticated world – particularly attacks that come from authenticated sources. With the number of APIs increasing constantly right along with the number of API attacks, API security has never been so important to an organization's success.
Ping Identity and Azure have partnered together with a market-leading solution to tackle the complexities and nuances of protecting API infrastructures and the digital assets that they connect.
This session will discuss today’s API threat landscape and explore what you can do to both detect and block advanced attacks on APIs. The presentation will first dive into the API development lifecycle using a live API built with Azure. We will look at some common monitoring capabilities on the Azure API and what a security violation would look like.
Then, we will have some fun by simulating attacks on our own API. In this phase of the presentation, we will simulate some basic attacks and show how security policies or a web application firewall can block these common attacks.
From there, we will dive even deeper by simulating more advanced attacks from authenticated users (data theft and API takeover), hackers who have reverse engineered an API, and layer 7 DoS attacks that fly under the SLA radar.
Aaron’s passion for technology and for enriching connectivity between people and between systems drives him to find innovative ways to help advance organizations through technology. Aaron is the Cloud Practice Manager and an Architect at Big Compass. He has rich experience in a variety of integration environments. He brings a unique integration background where he has worked with multiple technologies to deliver creative implementations in the cloud.
Aaron has led various implementations as a developer, architect, and development manager, so he brings the perspective of each role to every project to align people around a common goal. Aaron is also very involved in the integration community where he leads two Meetups: Denver MuleSoft Meetup and All Things Integration. He uses these Meetups to bring people together to create a community, share knowledge, and enhance collaboration. This platform allows him to engage the local community and beyond to spread knowledge and thought leadership while connecting people and ideas.