The publication of the OWASP Top 10 for API security last summer marked a cornerstone in API security history. Finally, there is global recognition that applications based on APIs require different protection. In the past year or so, more than 200 breaches have been published on https://apisecurity.io. Some very well-known names are on that list. What did they do wrong? How can we learn from their mistakes and take an approach that prevents the most common API abuse? Our goal in this talk is to share pragmatic, directly actionable best practices. We present a methodology to “pick your battles” and focus on the most critical issues first. You will leave this session with either the great satisfaction that you’ve already done a good job of protecting your APIs or an actionable TODO list to address immediate issues :)
Isabelle is the Field CTO and co-founder of 42Crunch, a startup on a quest to revolutionise the API Security market. As a pre-sales and services person, she has worked with numerous large enterprise customers across the globe, helping them understand technology trends and design architectures adapted to their legacy and business requirements. Isabelle is passionate about learning new technologies and transmitting her knowledge.
We seek to provide a respectful, friendly, professional experience for everyone, regardless of gender, sexual orientation, physical appearance, disability, age, race or religion. We do not tolerate any behavior that is harassing or degrading to any individual, in any form. The Code of Conduct will be enforced.
All live stream organizers using the Global Azure brand and Global Azure speakers are responsible for knowing and abiding by these standards. We encourage every organizer and attendee to assist in creating a welcoming and safe environment. Live stream organizers are required to inform and enforce the Code of Conduct if they accept community content to their stream.
If you are being harassed, notice that someone else is being harassed, or have any other concerns, report it. Please report any concerns, suspicious or disruptive activity or behavior directly to any of the live stream organizers, or directly to the Global Azure admins at firstname.lastname@example.org. All reports to the Global admin team will remain confidential.
We encourage local organizers to set up and enforce a Code of Conduct for all Global Azure live streams. A good template can be found at https://confcodeofconduct.com/, including internationalized versions at https://github.com/confcodeofconduct/confcodeofconduct.com. An excellent version of a Code of Conduct, not a template, is built by the DDD Europe conference at https://dddeurope.com/2020/coc/.