July 28, 2022

FireTail presenting at the BlackHat open source Arsenal 2022

FireTail is presenting at the BlackHat open source Arsenal 2022 on Wednesday at 10am local time. Come learn more about our open source code library for real-time, inline API security checking.

BlackHat is the world's preeminent cybersecurity conference

The team at FireTail is delighted to share that we have been selected to present at the world's top cybersecurity conference - BlackHat 2022.

Specifically, we'll be opening up our API security library as open source for the very first time. We will be joining a number of other research and cyber operations teams to share tools that we've built, based on our learnings.

We have spent the last several months building a database of API data breaches, and analyzing them to understand the attack vectors, vulnerabilities and TTPs that bad actors use against APIs. This has brought us to the same logical conclusion that Gartner and Akamai shared in their State of the Internet report, Volume 7, Issue 4 - API: The Attack Surface that Connects us All. That conclusion is:

"Vulnerabilities in apps handling API data are the direct cause of these breaches. Nothing else is to blame." - Gartner

We started FireTail with that statement in mind, combined with our own thesis around making it easy for any developer to build a more secure API. That's why we made FireTail for the developer, DevOps or DevSecOps team. It's lightweight, easy to adopt, and easy to integrate into either new or existing applications. It does not require re-thinking your application logic or changing anything about your data flows.

What does FireTail inspect?

FireTail sits on top of popular open source frameworks for building web services and APIs, like OpenAPI/Swagger, Express and Rails, and then provides in-line security processing of the API calls. FireTail checks for (in sequential order):

1. The API call hits a valid route using a valid method. This allows for a zero-trust, declarative API structure, with proper error handling at the HTTP layer.

2. Inspection of the authentication token. Does the API expect a JWT, an application-issued API key, or something else? FireTail will check whether a valid token of the correct type is present.

3. Payload inspection. FireTail will look for and fail invalid queries.
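
The three checks above, applied in the stated order against a declarative route table, shown as an added example that is not FireTail's code or API. The `SPEC` table, the `check_request` function, the header names, the token formats and the status codes are assumptions made for illustration.

```python
import re

# Constructed declarative spec: route -> method -> expected token type and body schema.
SPEC = {
    "/pets": {
        "GET": {"auth": "api_key", "body": None},
        "POST": {"auth": "jwt", "body": {"name": str, "age": int}},
    },
}

# Shape checks only (assumed formats): three base64url segments for a JWT,
# 32 hex characters for an API key. Signature or key lookup would follow.
JWT_SHAPE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")
API_KEY_SHAPE = re.compile(r"^[0-9a-f]{32}$")

def token_ok(kind, headers):
    """Return True when a token of the expected kind is present."""
    if kind == "jwt":
        scheme, _, value = headers.get("Authorization", "").partition(" ")
        return scheme == "Bearer" and bool(JWT_SHAPE.match(value))
    if kind == "api_key":
        return bool(API_KEY_SHAPE.match(headers.get("X-API-Key", "")))
    return False  # unknown auth kind in the spec: fail closed

def payload_ok(schema, body):
    """Reject missing, extra, or wrongly typed fields."""
    if schema is None:
        return body is None
    if not isinstance(body, dict) or set(body) != set(schema):
        return False
    # Exact type match, so True is not accepted where an int is declared.
    return all(type(body[k]) is t for k, t in schema.items())

def check_request(method, path, headers, body=None):
    """Apply the checks in order; return (HTTP status, reason)."""
    route = SPEC.get(path)
    if route is None:
        return 404, "unknown route"
    op = route.get(method)
    if op is None:
        return 405, "method not allowed"
    if not token_ok(op["auth"], headers):
        return 401, "missing or wrong token type"
    if not payload_ok(op["body"], body):
        return 400, "invalid payload"
    return 200, "ok"
```

Because the route check runs first, a request to an undeclared path is rejected before any token or body is parsed.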

The BlackHat Arsenal

Past companies and tools exhibited at the BlackHat Arsenal include open source tools that have become part of the everyday conversation for security practitioners.

See the details on FireTail's session at BlackHat Arsenal here.

Date: Wednesday, August 10 | 10:00am-11:30am (Business Hall - Arsenal Station 3)

Want to know more? Meet us in Vegas.

And if you can't make it to BlackHat, don't worry. This time, what happens in Vegas won't stay in Vegas. We'll be able to post more after the conference. Stay tuned for more!