FireTail at Apidays Australia

The Apidays series of events continues to expand at pace. This year we've already had the pleasure of exhibiting or speaking at events in NYC, Helsinki, London, and Hong Kong. Each one was enjoyable, informative and very well-run so when we got the opportunity to attend and deliver a talk at Apidays Australia, it was an easy call.

FireTail CEO, Jeremy Snyder, was on the ground and delivered a talk entitled 'API Security Breach Analysis & Empowering Devs to Make Secure APIs.' It's a comprehensive exploration of API security, high-profile breach analysis, and strategies to help developers create secure APIs.

In the talk, Jeremy covers:

1. API Breach Analysis: The presentation delves into a decade of API data breaches, highlighting a significant increase in the number of API-based attacks and breaches since 2018. It emphasizes the growing importance of API security.
2. Common Security Risks: The top security challenges concerning APIs are addressed, including a lack of API inventory, visibility, and enforcing perimeter security. These challenges are attributed to the increasing use of APIs in modern applications.
3. Multi-Vector Breaches: Jeremy highlights that most breaches involve multiple vectors, making a strong case for the need to address multiple security aspects.
4. Real-World Examples: The talk explores specific breach incidents, such as Peloton, Lemonade, and Starbucks, providing insights into the vulnerabilities and misconfigurations that led to these breaches.
5. API Security Strategies: The presentation suggests a comprehensive approach to API security, including discovery, visibility, observability, policy assessment, and enforcement. It emphasizes the importance of ongoing visibility and assessment of API environments.
6. Empowering Developers: The talk emphasizes the need to provide clear guidance to developers on identifying and mitigating security risks. The goal is to incorporate security into the development process and empower developers to create secure APIs.
7. DevSecOps Approach: The presentation advocates for a DevSecOps approach, bringing together development, security, and operations to continuously improve API security while maintaining operational efficiency.
8. Security Assessment: The discussion introduces a security assessment process that provides developers with actionable insights and guidance to secure their APIs.
9. Future of API Security: The presentation hints at the evolving landscape of API security, focusing on the increasing importance of securing APIs and the need for ongoing vigilance.

Jeremy's presentation underscores the critical role that APIs play in modern applications and the urgency of implementing robust security measures. It highlights the significance of collaboration between developers, security teams, and operations for an integrated approach to API security.

A big thank you to Ivan and the entire team at Apidays for the opportunity to participate in Melbourne. We are really looking forward to Apidays Paris.