0      0

(ISC)2 Security Congress 2022

2101777 - Avoiding Cybersecurity Achilles' Heels with Application Programming Interfaces (APIs)

Oct 11, 2022 4:15pm ‐ Oct 11, 2022 5:15pm


Application Programming Interface (API)-based systems are the emerging best practice for software development, with containerization, microservices and cloud computing providing the catalyst for increasingly rapid and broad adoption. However, much like it took years for front-end software developers to understand, appreciate and purposefully avoid common vulnerabilities such as cross-site scripting and SQL injections, back-end software developers do not generally understand the vulnerabilities associated with internally and/or externally exposed APIs. API security is also an area with minimal awareness across the cybersecurity workforce and minimal cybersecurity tool capabilities. As cybersecurity professionals, we need to understand APIs and their inherent potential vulnerabilities, and we must be able to communicate actionable knowledge to software developers and testers.

Learning Objectives:
  • Describe what APIs are and the related cybersecurity vulnerabilities.
  • Communicate to an organization's software developers and testers the vulnerabilities associated with internally and externally exposed APIs.
  • Communicate to an organization's software developers and testers how to actively avoid API cybersecurity vulnerabilities


  • Mr. Andrew Boyle, CISSP, CEH, PMP, PMI-ACP, SAFe SPC/SA, PRINCE2, AWS-SAA, FinOps CP, NN/g UXC, Director and Distinguished Digital & Cyber Technologist, Booz Allen Hamilton

You must be logged in and own this session in order to post comments.