API Security

Combined Session
Thursday, May 12, 2016 17:00—18:00
Location: ALPSEE

Best Practice for API Security linked to IAM Technologies in Digital Business

Digital Transformation is building the foundation for entirely new business models within existing organisations, as well as giving rise to entirely new businesses. There could be 100 billion connected devices by 2025, leading towards a trillion-sensor ecosystem. In a hyper-connected era of mobile, social, cloud, big data, and the Internet of Things, future business models will depend on the availability of more data flowing beyond domains and through more systems, being accessed and used by more people.

All this creates a massive challenge for enterprises to keep up with the latest trends like API security and Identity and Access Management. Very often technology is chosen for technology's sake and not in a strategic and integrated way. Recent examples show a high risk if these topics are not addressed in a professional way.

The good news is that mechanisms do exist to secure APIs. These mechanisms include digital certificates, API keys, and OAuth. In this session, we learn how these technologies can be used to secure, manage, and monitor APIs. We will see practical examples of API security in action, including mobile scenarios. Real-life case studies will be used to show how API security issues have occurred, what their impact has been, and how they can be remedied.

We will also examine the other side of securing APIs, which is how API security can be tested. How can you find out if your API is vulnerable to a security or privacy breach? How can you see if API traffic can be sniffed, replayed, or manipulated? As in the case of API security protection, there are mechanisms which can be used to test API security, including generation of “synthetic” API calls, parameter manipulation, and automation. In this way, API security vulnerabilities can be detected, tested, and fixed before they are exploited.

Key Takeaways:

Rizwan Mallal
Forum Systems
Rizwan Mallal serves as the Chief Operating Officer. As a founding member and Chief Security Architect of Forum Systems, the wholly owned subsidiary of Crosscheck Networks, Rizwan was responsible...
Philipp Schöne
AXWAY Software
Philipp is Product Manager at Axway for the Axway API Management Product. He works closely with customers to help them adopt an API First approach to their integration strategies as they extend the...
Aran White
CA Technologies
Aran is the API Management Pre-Sales lead for CA Technologies for the EMEA region and has over 10 years’ experience in API management and security. Aran works with customers across all...

Open Banking: OpenID Foundation Financial API

Nat Sakimura and Tony Nadalin are proposing an OpenID Foundation Financial API Work Group.

The WG will take into account open banking initiatives in the US via the FS-ISAC, in the UK via the Open Data Institute's Open Banking Work Group, etc.

Anthony Nadalin
Microsoft
Anthony Nadalin is a partner architect in the Government Engagement Team leading the Standards and Public Policy practice. Anthony had spent the last 27 years with IBM where he was the Chief...
Nat Sakimura
Nomura Research Institute
Nat Sakimura is a research fellow at Nomura Research Institute specializing in digital identity and privacy, and the Chairman of the OpenID Foundation. He is a co-author of many of the frequently...
Don Thibeau
OpenID Foundation
Don is President and Chairman of the Open Identity Exchange (OIX), a non-profit organization of leaders from competing sectors, including enterprise, data services, telecommunications, consulting...