October 10, 2024 – Member meeting: Protecting Your Code, Dan Barahona from APIsec | Make Cybersecurity Measurably Better with Metrics, Shannon Lietz from IANS

Registration required: October 10, 2024, 7:00pm – 9:00pm Pacific Time

Session One: Protecting Your Code – API Security from Development to Deployment

APIs are critical in modern applications but are increasingly targeted by cyberattacks. This session equips developers with actionable strategies to secure APIs throughout their lifecycle.

We will explore the key vulnerabilities, including authorization, authentication, data exposure and business logic flaws, and provide practical techniques to mitigate these risks. Attendees will learn the importance of, and approaches to, shift-left API security with continuous, comprehensive and automated testing.

Through real-world case studies, the session highlights the impact of API breaches and offers preventive measures. We will discuss secure deployment strategies, continuous monitoring, and ensuring compliance with regulations like GDPR and PCI DSS. This presentation delivers actionable insights for developers to fortify their APIs against evolving threats, ensuring robust security from development to deployment.

Connect with Dan on LinkedIn

Dan Barahona brings over 20 years of cybersecurity experience with executive leadership roles at APIsec, Qualys, Anomali, ArcSight and others. He’s led Product Development, Sales teams, and Marketing at startups and publicly traded companies. Dan co-founded APIsec University with Corey Ball in 2022 to help develop a new army of API security defenders. He earned engineering degrees from Rensselaer Polytechnic and Cornell University, and an MBA from University of Michigan.

APIsec Overview: The APIsec security testing platform discovers the most serious API vulnerabilities that lead to data theft and compromise. APIsec automatically creates and runs thousands of attack playbooks, custom-generated for each unique API, to find security vulnerabilities and data logic flaws BEFORE production. The zero-touch deployment model requires no source code access, no agents, and nothing inline. APIsec runs at the speed of DevOps, alerting security teams and developers immediately of new vulnerabilities in the CI/CD pipeline, ensuring all API code is continuously validated.


Session Two: Make Cybersecurity Measurably Better with Metrics!

Measuring the performance of your program plays a critical role in helping you demonstrate alignment to key goals, garner business buy-in and validate strategic changes. But finding the right metrics is a growing challenge in the industry. In this session, IANS Faculty Shannon Lietz will provide a rundown of how to refine your metrics capabilities to inform your strategic direction and help you communicate security’s value to the rest of the business. She’ll cover:

  • How to define your core strategy and best practices for determining KPIs
  • Key types of metrics, their pros and cons, and when to use each
  • Sample metrics aligned to different major security strategies to showcase how you might build dashboards to support specific initiatives

Connect with Shannon on LinkedIn

Shannon is the Founder and CEO of ThirdScore. This followed her role as VP, Security at Adobe, where she led Product and Software Security. Shannon is also the Founder of DevSecOps, a non-profit organization committed to uniting security with DevOps and Agile practices via experimentation and education. Shannon is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America.

IANS Overview: For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk. We provide experience-based security insights for Chief Information Security Officers and their teams. The core of our value comes from the IANS Faculty, a network of seasoned practitioners. We support client decisions and executive communications with Ask-an-Expert inquiries, our peer community, deployment-focused reports, tools and templates, and consulting.
