Secure360

What?! My Security Tools Don’t Work on APIs?

What Do You Mean My Security Tools Don’t Work on APIs?!!

How do you verify and protect your APIs, REST and SOAP services, and custom interfaces? They’re everywhere in modern web apps, mobile, IoT, and more. And they’re just as susceptible to injection, unauthorized access, account hijacking, and other attacks as traditional web applications. But traditional static (SAST) and dynamic (DAST) scanners simply don’t work on APIs. In this talk, Jeff will discuss techniques and challenges of testing and protecting modern service-based web applications, like ones running Spring Security, Spring Boot, and AngularJS. Jeff will discuss the use of security instrumentation to identify vulnerabilities in APIs during development and to protect those APIs in production. Instrumentation has revolutionized the field of performance management, which (like application security) used to be dominated by experts using expert tools to generate PDF reports. We’ll explore how instrumentation can allow application security to work on APIs, work in conjunction with Waterfall/Agile/DevOps, scale to entire application portfolios, and change the way we practice application security.

Key learning points:
  • Traditional static (SAST) and dynamic (DAST) scanners simply don’t work on APIs.
  • Discuss techniques and challenges of testing and protecting modern service-based web applications.
  • Instrumentation has revolutionized the field of performance management, which (like application security) used to be dominated by experts using expert tools to generate PDF reports.

About Jeff Williams

A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff is a widely requested speaker with recent presentations at the Palmer Symposium, LASCON & the American Petroleum Institute Cybersecurity Conference. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown.


Details

Wednesday May 18, 2016
1:30 PM - 2:30 PM
Room 12
Level: Intermediate
Focus: Cybersecurity

© 2022 Secure360. All rights reserved.