Session

Do the Right thing, shift Left!

We all remember the famous phrase of Andreessen Horowitz, “Software is eating the world.” It was definitely true at the time, but times have changed. It’s APIs that are now eating the world. Using APIs to expose core business functionality and facilitate service-to-service communication has become standard. Not only does it give us several control points, but it also makes it easier to deal with complex modern applications. However, these modern API-driven applications come with their own issues, such as design complexity, visibility, communication, and security. One of the major challenges here is properly securing APIs.

Securing APIs is becoming increasingly urgent as API-related attacks are impacting companies across nearly all sectors, resulting in skyrocketing costs for businesses. In the U.S. alone, the average annual API-related cyber loss is estimated to be USD $12-23 billion. One of the best ways to deal with this is to make API security a part of your SDLC.

API security testing is one of the ways to do that. It helps find vulnerabilities at a very early stage, giving developers and product security engineers more time and context to build resilient systems. In this talk, I’ll show you how to easily integrate API security testing into your SDLC to build secure applications and APIs using various OSS and enterprise tools.