Digital Transformation is building the foundation for entirely new business models within existing organisations, as well as giving rise to entirely new businesses. There could be 100 billion connected devices by 2025, leading towards a trillion-sensor ecosystem. In a hyper-connected era of mobile, social, cloud, big data, and the Internet of Things, future business models will depend on the availability of more data flowing beyond domains and through more systems, being accessed and used by more people.
All this creates a massive challenge for enterprises to keep up with the latest trends like API security and Identity and Access Management. Very often technology is chosen for technology's sake and not in a strategic and integrated way. Recent examples show a high risk if these topics are not addressed in a professional way.
The good news is that mechanisms do exist to secure APIs. These mechanisms include digital certificates, API keys, and OAuth. In this session, we learn how these technologies can be used to secure, manage, and monitor APIs. We will see practical examples of API security in action, including mobile scenarios. Real-life case studies will be used to show how API security issues have occurred, what their impact has been, and how they can be remedied.
We will also examine the other side of securing APIs, which is how API security can be tested. How can you find out if your API is vulnerable to a security or privacy breach? How can you see if API traffic can be sniffed, replayed, or manipulated? As in the case of API security protection, there are mechanisms which can be used to test API security, including generation of “synthetic” API calls, parameter manipulation, and automation. In this way, API security vulnerabilities can be detected, tested, and fixed before they are exploited.
Key Takeaways:
Nat Sakimura and Tony Nadalin are proposing an OpenID Foundation Financial API Work Group.
The WG will take into account open banking initiatives in the US via the FS-ISAC, in the UK via the Open Data Institute's Open Banking Work Group, etc.