TBD Session 2

Apr 29, 2024 10:55am ‐ Apr 29, 2024 11:55am

Identification: SPAPI2402

TBD Session 3

Apr 29, 2024 12:05pm ‐ Apr 29, 2024 1:05pm

Identification: SPAPI2403

TBD Session 5

Apr 30, 2024 11:10am ‐ Apr 30, 2024 12:10pm

Identification: SPAPI2405

Fireside Chat: API Threat Landscape and Mitigation Strategies

Apr 29, 2024 10:00am ‐ Apr 29, 2024 10:45am

Identification: SPAPI2401

We are observing incredible and accelerated change in how we implement and consume digital services. Proliferation of cloud services and technology innovation such as microservices are pushing organisations to adopt newer technologies and methods of operations that are highly complex and highly connected; all with the intent of offering services that are fast, scalable, efficient, and competitive.

As this modern digital revolution ensues, its success is built on the extensive use of Application Programming Interfaces, or APIs. Akamai, for example, reported last year that 80% of their traffic was for APIs. But as the adoption of APIs increases, so do the cyber security threats.

APIs are fast expanding the organisational attack surface. They have become very foundational and critical to business operations and simple technical security controls are no longer enough to fend off the surge of threats. It is, therefore, important to understand the modern threat landscape that is fuelled by the rapid adoption of APIs and invest in strategies that reduce risks to accepted tolerances.

In this fireside chat, James Beulah and Golam Bhuiyan explore what the threat landscape and risks look like in the adoption of APIs, why they require heightened security attention and governance, what risk mitigations can be employed, how API security should be viewed from the lens of industry-accepted frameworks such as the NIST Cyber Security Framework and the Australian Cyber Security Centre-recommended Essential Eight strategies, why we often get it wrong, and what could happen when things do go wrong.

Data Access and Its Critical Role in Incident Response

Apr 30, 2024 12:20pm ‐ Apr 30, 2024 1:05pm

Identification: SPAPI2406

Incident Response is a complex process that touches all IT disciplines and business applications when its activation is required. In this scenario, Data Access, if well structured, protected and documented, could represent the last hope when it comes to protecting organizations’ critical data. Both processes need to work together to strengthen organizations’ posture and evolve over time as non-on-premise infrastructure is adopted.

Securing APIs by Design for the Connected World

Apr 30, 2024 10:00am ‐ Apr 30, 2024 11:00am

Identification: SPAPI2404

In an interconnected world, securing APIs is paramount, as they enable seamless communication between different software components in a world of converging systems. However, poor API design can inadvertently introduce vulnerabilities.

In this talk, we’ll dissect how API design directly impacts security, exploring the critical intersection of API design and security and the emerging area of securing APIs in the Internet of Things (IoT). Topics include API vulnerabilities, addressing secure design and implementation, and securing IoT. Real-world examples of vulnerable API design issues will be discussed, along with the attack vectors, best practices and innovative solutions.

Attendees will gain insights into addressing these vulnerabilities and challenges while designing and implementing APIs and related systems.