INTERFACE by apidays 2023 - API Security & Ecosystem Trust, Jeremy Snyder, FireTail

INTERFACE by apidays 2023
APIs for a “Smart” economy. Embedding AI to deliver Smart APIs and turn into an exponential organization
June 28 & 29, 2023

API Security & Ecosystem Trust: Protecting the Keys to Your Kingdom
Jeremy Snyder, Founder and CEO at FireTail

apidays

July 11, 2023

Transcript

  1. About me. CEO & Founder at FireTail.
     - 20+ years in cybersecurity.
     - 5 human languages.
     - Once went 5 days without seeing another human, but saw lots of reindeer.
     - Former: AWS, DivvyCloud, Rapid7, TRADOS, others.
     - UNC BA, GMU MBA, Aalto.
     - Cofounded FireTail Feb 2022.
     - [email protected] | @halffinn.
  2. 83% of Internet traffic is API calls. We are on track to having 1T APIs. Sources: Akamai, Dell Capital
  3. Step 1. API actions that erode trust.
     - Reddit: Change of API usage policy. June 2023. 1B+ records. Web & mobile app. Free -> paid. No community input. Company ignoring feedback.
     - Peloton: Breach (proven). May 2021. 3M records. IoT backend. Easy-to-guess IDs. Sequential numbering. BOLA.
     - Schneider Electric: Breach. June 2023. ??M records. IoT app. Weak configuration. Single credentials. Clear text.
     https://www.firetail.io/api-data-breach-tracker
  6. API security to maintain ecosystem trust.
     Beginning API security is built on many core security first principles.
     - Maintain visibility.
     - Keep the right perimeter.
     - Least privilege.
     - Good encryption & credential handling.
     Advanced API security requires going much deeper.
     - App-level authentication.
     - App-level authorization.
     - Proper data handling.
     - Centralized audit trail.
  7. Report. Get the report. Learn about the data breaches around API Security, and how they impact digital ecosystems. https://tinyurl.com/firetail-api-report The State of API Security 2023
  8. Launch. Get started. Get free access to the FireTail API Security platform. Or download our open-source libraries at https://github.com/firetail-io https://firetail.app Protect your APIs with FireTail