Friday, October 23 • 10:00am - 11:00am
What Do You Mean My Security Tools Don’t Work on APIs?!!


How do you verify and protect your APIs, REST and SOAP services, and custom interfaces? They’re everywhere in modern web apps, mobile, IoT, and more. And they're just as susceptible to injection, unauthorized access, account hijacking, and other attacks as traditional web applications. But traditional static (SAST) and dynamic (DAST) scanners simply don’t work on APIs. In this talk, Jeff will discuss techniques and challenges in testing and protecting modern service-based web applications, like ones running Spring Security, Spring Boot, and AngularJS. Jeff will discuss the use of security instrumentation to identify vulnerabilities in APIs during development and to protect those APIs in production. Instrumentation has revolutionized the field of performance management, which (like application security) used to be dominated by experts using expert tools to generate PDF reports. We'll explore how instrumentation can allow application security to work on APIs, work in conjunction with Waterfall/Agile/DevOps, scale to entire application portfolios, and change the way we practice application security.


Jeff Williams

Cofounder and CTO, Contrast Security
Jeff brings more than 25 years of application security leadership experience as co-founder and Chief Technology Officer of Contrast Security. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by...

Friday October 23, 2015 10:00am - 11:00am CDT
Cypress Room Norris Conference Center, Austin
