Loading…
This event has ended. Visit the official site or create your own event on Sched.
View analytic
Friday, October 23 • 10:00am - 11:00am
What Do You Mean My Security Tools Don’t Work on APIs?!!

Sign up or log in to save this to your schedule and see who's attending!

How do you verify and protect your APIs, REST and SOAP services, and custom interfaces? They’re everywhere in modern webapps, mobile, IoT, and more. And they're just as susceptible to injection, unauthorized access, account hijacking, and other attacks as traditional web applications. But traditional static (SAST) and dynamic (DAST) scanners simply don’t work on APIs. In this talk, Jeff will discuss techniques and challenges testing and protecting modern service-based web applications, like ones running Spring Security, Spring Boot, and Angular JS. Jeff will discuss the use of security instrumentation to identify vulnerabilities in APIs during development, and protecting those APIs in production. Instrumentation has revolutionized the field of performance management, which (like application security) used to be dominated by experts using expert tools to generate PDF reports. We'll explore how instrumentation can allow application security to work on APIs, work in conjunction with Waterfall/Agile/Devops, scale to entire application portfolios, and change the way we practice application security.

Watch the Talk Video

Speakers
avatar for Jeff Williams

Jeff Williams

Co-founder and CTO, Contrast Security
I've been in security since the late 1980's and have been blessed with the opportunity to help start three great organizations: Aspect Security (recently sold to EY), OWASP, and Contrast Security. | | I'm coming to AppSec EU to meet *you*. I'm easy to find :-) and love to talk about... Read More →


Friday October 23, 2015 10:00am - 11:00am
Cypress Room Norris Conference Center, Austin
  • Host Organization

Attendees (0)