API Security

  • TYPE: Combined Session
  • DATE: Thursday, May 12, 2016
  • TIME: 17:00-18:00
  • LOCATION: ALPSEE


Digital Transformation is building the foundation for entirely new business models within existing organisations, as well as giving rise to entirely new businesses. There could be 100 billion connected devices by 2025, leading towards a trillion-sensor ecosystem. In a hyper-connected era of mobile, social, cloud, big data, and the Internet of Things, future business models will depend on the availability of more data flowing beyond domains and through more systems, being accessed and used by more people.

All this creates a massive challenge for enterprises to keep up with the latest trends, such as API security and Identity and Access Management. Very often technology is chosen for technology's sake and not in a strategic and integrated way. Recent examples show a high risk if these topics are not addressed in a professional way.

The good news is that mechanisms do exist to secure APIs. These mechanisms include digital certificates, API keys, and OAuth. In this session, we learn how these technologies can be used to secure, manage, and monitor APIs. We will see practical examples of API security in action, including mobile scenarios. Real-life case studies will be used to show how API security issues have occurred, what their impact has been, and how they can be remedied.

We will also examine the other side of securing APIs, which is how API security can be tested. How can you find out if your API is vulnerable to a security or privacy breach? How can you see if API traffic can be sniffed, replayed, or manipulated? As in the case of API security protection, there are mechanisms which can be used to test API security, including generation of “synthetic” API calls, parameter manipulation, and automation. In this way, API security vulnerabilities can be detected, tested, and fixed before they are exploited.

Key Takeaways:

  • How to link modern IAM technologies to legacy infrastructure
  • Practical examples of API security in action, including mobile scenarios and dos and don’ts for API security and authentication / authorization
  • Real-life case studies of how API security issues have occurred, what their impact has been, and how they can be remedied
  • How you can see if API traffic can be sniffed, replayed, or manipulated, as well as how API security can be tested before production use


Rizwan Mallal serves as the Chief Operating Officer. As a founding member and Chief Security Architect of Forum Systems, the wholly owned subsidiary of Crosscheck Networks, Rizwan was responsible for all security related aspects of Forum’s technology. Previously, Rizwan was the Chief...

Philipp is Product Manager at Axway for the Axway API Management Product. He works closely with customers to help them adopt an API First approach to their integration strategies as they extend the boundaries of their enterprise to incorporate new cloud and mobile channels. With a strong...

Aran is the API Management Pre-Sales lead for CA Technologies for the EMEA region and has over 10 years’ experience in API management and security. Aran works with customers across all verticals and industries and helps CA customers build their API platforms based on their business...

Nat Sakimura and Tony Nadalin are proposing an OpenID Foundation Financial API Work Group.

The WG will take into account open banking initiatives in the US via the FS-ISAC, in the UK via the Open Data Institute's Open Banking Work Group, etc.


Anthony Nadalin is a partner architect in the Government Engagement Team leading the Standards and Public Policy practice. Anthony had spent the last 27 years with IBM where he was the Chief Security Architect responsible for the security strategy for software group products. Anthony...

Don is President and Chairman of the Open Identity Exchange (OIX) a non-profit organization of leaders from competing sectors, including enterprise, data services, telecommunications, consulting services, SaaS, banking, retail and government. OIX is helping to build solutions to roadblocks for...



European Identity & Cloud Conference 2016

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Contact person:

Mr. Levent Kara
+49 211 23707710
  • May 10 - 13, 2016 Munich, Germany