apidays
October 12, 2024

Apidays London 2024 - Securing APIs, Beyond the Basics with Advanced Security Practices, Karanvir Attwal

Securing APIs: Beyond the Basics with Advanced Security Practices
Karanvir Attwal, Senior Solutions Engineer - Akamai

apidays London 2024 - APIs for Smarter Platforms and Business Processes
September 18 & 19, 2024

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/


Transcript

  1. © 2024 Akamai | Confidential

    Securing APIs: Beyond the basics with Advanced Security Practices
    Karanvir Attwal, API Security Specialist
  2. Why API Security is Needed Today

    • Existing application security solutions not built for evolution of API attacks
    • More APIs deployed every day
    • More API traffic
    • More API attacks
    • 31% of web traffic is APIs
    • 30% of all web attacks targeted APIs in 2023
    Footnotes: (1) Akamai State of the Internet Report. (2) Akamai threat researchers have identified that 31% of all traffic protected by Akamai is API traffic.
  3. API Attacks Are Not An If, But When

    • In the last 12 months, 24 of 70 major data breaches stemmed from API vulnerabilities, impacting 15 different industries.
    • Broad product capabilities: Flexible deployment, integrations, runtime protection, API testing, etc.
  4. APIs are Everywhere

    • Order Coffee
    • Order a Car
    • Check the Weather
    • Check in for a flight
    • Use Maps
    • Log in to Social Media
    Open Internet, Employees, Suppliers, Partners, IoT
    Massive Attack Surface
    31% of all traffic protected by Akamai is API traffic
  5. Today’s App and API Landscape

    • Protect the client app from compromise
    • Defend the applications from unavailability
    • Protect the applications from OWASP, bot, and API attacks
    • Defend APIs from attacks within the perimeter
    • Defend applications against abuse and sensitive data exposure
    Diagram labels: API and Web Services; Desktops; Business Partners; IoT Devices; Internet; Multicloud Application and Data Services; API and Web Security (Threat Prot, Bot Prot, Privacy, PCI DSS)
  6. Today’s App and API Landscape

    • AAP protects the “front door” of the application and APIs
    • API Security provides deep visibility and intelligence to what’s occurring inside the application environment
    Diagram labels: API and Web Services; API and Web Security (Threat Prot, Bot Prot, Privacy, PCI DSS); NEW
  7. APIs are different. They require a different approach.

    Unlike web apps, when you expose an API to the internet, it is open for direct calls and subsequent abuse
  8. © Noname Security. All rights reserved.

    How many APIs do you have?
  9. What type of data is being transmitted?
  10. The API Security Pillars

    Complete API Security at any stage of your API Lifecycle
    • Discovery: API asset inventory, change detection, network mapping, reconnaissance.
    • Posture Management: Configuration control, vulnerability management, remediation prioritization.
    • Runtime Protection: Detection and prevention of attackers and suspicious behavior in real time.
    • Testing: Secure APIs in dev to stop vulnerabilities before production.
  11. The API Security Pillars: Understand your API ecosystem like never before

    • API inventory
    • Network mapping
    • Change detection
    • Reconnaissance
    Pillars: Discovery, Posture Management, Runtime Protection, Testing
  12. The API Security Pillars: Protect what you know

    • Proactive monitoring
    • Configuration control
    • Severity classification
    • Remediation
    Pillars: Discovery, Posture Management, Runtime Protection, Testing
  13. The API Security Pillars: Protect what you know

    • Real-time detection
    • Behavior analysis
    • Detect data exposure
    • Prevention integrations
    Pillars: Discovery, Posture Management, Runtime Protection, Testing
    Detection and prevention of attackers and suspicious behavior in real time.
  14. The API Security Pillars: Protect what you know

    • CI/CD Integration
    • Shift left
    • Reduce risk exposure
    • Vulnerability labs
    Pillars: Discovery, Posture Management, Runtime Protection, Testing
    Secure APIs in dev to stop vulnerabilities before production.
  15. Flexible Deployment Options

    Noname secures your APIs wherever and however you need
    • Deploy Noname globally at scale in any combination of SaaS, hybrid, or on-premises (including a hardened virtual appliance for public-sector organizations)
    • Enable local control with global visibility with Remote Engines
    • Easily comply with multiple regulatory requirements, regional policies, and technical directives
    Deployment options: Noname Hosted, Hybrid, Customer Hosted
  16. Summary

    • Know what you have! Build a complete inventory and API catalogue to ensure full control over your API estate
    • Analyze traffic from all types of environments and enjoy more flexibility
    • Test APIs and find vulnerabilities during the development cycle to avoid introducing risk into production environments
    • Leverage out of the box integrations with the existing security stack to accelerate remediation activities
    • Flexibility around deploying the solution to meet your Data Sovereignty and Governance needs.