November 28, 2022

FireTail present at the BlackHat Europe open source Arsenal 2022

FireTail presented at the BlackHat Europe open source Arsenal in December 2022, showcasing our open source code library for real-time, inline API security checking.

FireTail present at the BlackHat Europe open source Arsenal 2022
BlackHat is the world's preeminent cybersecurity conference

FireTail was selected again to present at the world's top cybersecurity conference - this time at BlackHat Europe 2022.

Specifically, we showcased our API security library as open source for the first time at a European event.

What does FireTail inspect?

FireTail sits on top of popular open source frameworks for building web services and APIs, like OpenAPI/Swagger, Express and Rails, and then provides in-line security processing of the API calls. FireTail checks for (in sequential order):

1. API call is hitting a valid route using a valid method. This allows for a zero-trust, declarative API structure, with proper error handling at the HTTP layer.

2. Inspection of authentication token. Does the API expect a JWT, application-issued API key or other? FireTail will check whether a valid token of the correct type is present.

3. Payload inspection. FireTail will look for and fail invalid API queries.

New code language coverage

At BlackHat USA earlier this year, we unveiled the first version of the FireTail library, designed for the Python programming language and the OpenAPI framework. At BlackHat Europe, we will highlight new coverage for both JavaScript / node.js and Go language (GoLang). We also showed the ability to use Firetail with express.js, a common API framework for node.js.

Standardized logging format

One consistent challenge that security teams have expressed is the lack of standardization or centralization of API logs. FireTail has now created a standardized log format, common to all 3 currently available code languages. FireTail also offers the ability to send these logs to a central location, either locally, on a private network, or to a cloud service.

The BlackHat Arsenal

Past companies and tools exhibited at the BlackHat Arsenal include open source tools that have become part of the everyday conversation for security practitioners.

See the details on FireTail's session at Blackhat Arsenal here.

Want to know more? 

Visit FireTail for more information. We'll also be sharing the recording of the Arsenal demo with you very soon!