Episode 5: Building API Security Programs

Join us for the next live episode in our API Security Masterclass Series!

We’ll cover an introduction to APIs, what kind of vulnerabilities are in APIs, how you can find them, and how you can test your own APIs. Whether you’re on the blue team and trying to understand threats, a hacker new to APIs or a developer trying to better understand how your code can go wrong, these live classes will tell you everything you need to know. 

Now that we’ve found some vulnerabilities in our API, so how do we actually get them fixed? More importantly, how do we start to build a program that ensures all our API vulnerabilities are fixed? And remain fixed. This session will cover the basics of vulnerability management, how to work with existing developer workflows, and the best practices for integrating security into your development lifecycle. Learn to implement robust security measures, automate vulnerability scanning, and foster a security-first mindset with your development team. Building your API AppSec toolkit, from open source tools, to some of the considerations before you invest.

This session will start with the basics of how developers work and some common development methodologies they employ, before introducing vulnerability management and the vulnerability lifecycle. We’ll discuss what makes API development different, with some of the common web application frameworks, and some advice on controlling API sprawl before API endpoints are deployed. Then we’ll continue looking at free and open source tools you can use and some of the considerations on when you should consider an upgrade to a full API security platform like Traceable, keeping your API secure no matter what your budget.

Note that this is an interactive experience, so you will want to tune in live and be ready to participate so you can get the most out of it!