Friday, October 23 • 10:00am - 11:00am
What Do You Mean My Security Tools Don’t Work on APIs?!!

How do you verify and protect your APIs, REST and SOAP services, and custom interfaces? They’re everywhere in modern webapps, mobile, IoT, and more. And they're just as susceptible to injection, unauthorized access, account hijacking, and other attacks as traditional web applications. But traditional static (SAST) and dynamic (DAST) scanners simply don’t work on APIs. In this talk, Jeff will discuss the techniques and challenges of testing and protecting modern service-based web applications, like ones running Spring Security, Spring Boot, and AngularJS. Jeff will discuss the use of security instrumentation to identify vulnerabilities in APIs during development and to protect those APIs in production. Instrumentation has revolutionized the field of performance management, which (like application security) used to be dominated by experts using expert tools to generate PDF reports. We'll explore how instrumentation can allow application security to work on APIs, work in conjunction with Waterfall/Agile/DevOps, scale to entire application portfolios, and change the way we practice application security.

Jeff Williams

CTO, Contrast Security
Jeff Williams is a co-founder and CTO of Contrast Security, the world's fastest and most accurate application security technology. Previously, Jeff was a founder and CEO of Aspect Security. He also served as Global Chairman of the OWASP Foundation where he created many open-source standards, tools, libraries, and guidelines – including the OWASP Top Ten, WebGoat, ESAPI, XSS CheatSheet, ASVS and more. Jeff welcomes hearing from you and...

Friday October 23, 2015 10:00am - 11:00am
Cypress Room Norris Conference Center, Austin