SV ISSA (www.sv-issa.org)

When

Tuesday, August 17, 2021 from 6:00 PM to 8:30 PM PDT


Hosted by

Online bridge information sent after registration.

Contact

Michelle Koblas, Board Member, Silicon Valley Chapter of the ISSA 
The Silicon Valley ISSA 
 
communicationsdirector@sv-issa.org 
 

August 2021 Chapter Meeting

Workshop on API Security & Risk Management

APIs are the software glue that is revolutionizing our digital world, helping to enable the next industrial revolution driven by AI/ML and IoT. Their implications for organizations are profound, both positive (innovation, newer business models, competitive differentiation, etc.) and negative (hidden attack vectors, business continuity impact, etc.).

Industry Trends:

  • 96% of applications contain some Open Source. Source: Black Duck 2020.
  • 83% of internet traffic is via APIs vs 17% HTML. Source: Akamai 2019.
  • By 2021, 90% of web-enabled applications will have more surface area for attack in the form of exposed APIs rather than the UI, up from 40% in 2019. Source: Gartner.
  • By 2022, API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications. Source: Gartner Research, "How to Build an Effective Security Strategy".

Given these trends, it is imperative that Security, Compliance and Audit professionals get a handle on APIs by managing API risks proactively, before things get out of control, if they have not already.

This session will provide an overview of an effective governance framework that enterprises can adopt to manage their API security and compliance risks. The framework includes best practices, both manual and automated, with relevant tool recommendations. Participants will have an opportunity to work through use case(s) using existing technologies.

  

Dr. Baljeet Malhotra

Dr. Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API data management. He conceptualized the world's first "API Composition Analysis" based on source code static analysis. He founded TeejLab in 2017 and steered the team to build API Discovery™, the world's first comprehensive end-to-end API Management platform. Prior to Teej, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys). He has also served as Research Director at SAP.