API Security & Legal Risk Workshop Series
In collaboration with FRSecure, and TeejLab, ISACA San Diego is excited to announce our interactive online workshop series on API Security. Consisting of 4 workshops in total, each workshop is designed to help individuals and organizations understand the importance of Web APIs in today's digital economy, and various business risks they pose to organizations.
Web APIs benefit organizations immensely through accelerated innovations, newer business models, competitive differentiation. Their growing significance can be measured based on the fact that APIs contribute 83% of the Internet traffic today. This growing API usage also means increased cybersecurity risks for enterprises. Given the importance of APIs in digital transformation and the risk they pose to enterprises, it is imperative for Security, Compliance and Audit professionals to better understand various API risks.
In this 4-series workshop, we'll discuss various risks that originate from enterprise API ecosystems. In particular, we'll talk about business risks that are tied to the underlying API security problems. We’ll then provide an overview of an API Governance framework that effectively manages API business risks. This framework is inspired by Software Composition Analysis (SCA) and Zero Trust model. Throughout these workshops, we’ll highlight the best industry practices and hands-on examples for API Risk Management.
Dr. Baljeet Malhotra is an award-winning researcher and a global tech leader known for his work in Open Source and API Risk Management. He founded TeejLab in 2019 and steered the team to build API Discovery and Security™, world's first end-to-end API Risk Management platform. Prior to TeejLab, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys for $565 million). He also served as Research Director at SAP and Senior Software Engineer at MahindraTech. He received a PhD in Computing Science from the University of Alberta and won several awards including NSERC (Canada) scholar and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC. He has given numerous ISACA, ISSA, IIA, ISC2, OWASP talks globally, and published several papers, patents and articles.
Visit Baljeet on LinkedIn: https://www.linkedin.com/in/baljeetmalhotra/
API Security & Legal Risk Workshop #1: API Security & Legal Risk Management for Organizations
Click Here for a copy of the presentation
WORKSHOP #1 DETAILS
30 mins: Global and Enterprise API Ecosystems
Global View of APIs
Enterprise View of APIs
30 mins: Classification of API Risks
Security and Legal Risks
Financial and Operational Risks
10 mins: {Break}
30 mins: Zero Trust Model
Zero Trust Resources
Zero Trust Tenets
30 mins: Software Composition Analysis (SCA)
Why and how SCA?
Security and Legal Aspects
10 mins: {Break}
10 mins: Account Setup:
https://apidiscovery.teejlab.com/accounts/login/
50 mins: Building the API Risk Management Program
Identifying API Security Risks
Identifying API Legal Risks
Continuous API Monitoring and Assessment
10 mins: {Break}
30 mins: Summary and Conclusions
Consolidating API Risk Due Diligence Process
Questions and Answers
Take Home Exercises
API Security & Legal Risk Workshop #2: The API Security Blueprint - From Basics to Advanced Defense
Click Here for a copy of the presentation
WORKSHOP #2 DETAILS
Section 1: Setting the Foundation
30 mins: Introductions and Overview
Importance of APIs in Digital Ecosystem
Motivations for Securing APIs
30 mins: Basics of API Security
- Examples of API Breaches/Impacts - Understanding API Attacks/Patterns
20 mins: Break (account setup assistance)
Section 2: Hands-On Basics
25 mins: Advanced API Security
OWASP Top 10: Authentication and Authorization
OWASP Top 10: Injections and Rate Limits
25 mins: Hands-on API Security
Hands-on: Configuring API Security Tests
Hands-on: Executing API Security Tests
10 mins: {Break}
Section 3
50 mins: API Security Program
Role of API Gateways
Preventing API Attacks
Continuous API Monitoring
30 mins: Summary and Conclusions
Take Home Exercises
Questions and Answers
API Security & Legal Risk Workshop #3 - API Security & Legal Risk Management for Organizations
Click Here for a copy of the presentation
WORKSHOP #3 DETAILS
Section 1:
20 mins: The Basis of Legal Framework
What is an API – Definition and the importance of backend/frontend
API compliance for businesses, developers, and legal teams
25 mins: The Legal Landscape of APIs and Data
Key API Agreements & Policies: ToS, EULA, SLAs, DPAs, Privacy Policy, Platform Policy
Data privacy (GDPR, CCPA, HIPAA) and Security compliance (authentication, encryption)
30 mins: API Types, Ownership and Intellectual Property Rights
Open-source APIs vs. proprietary APIs; Licensing models (e.g., open API licenses, restrictive licenses)
Who owns the APIs and the data it processes? Intellectual property (ownership of API code and data)
15 mins: {Account Setup/Help and Break}
Section 2: 50 mins: Key Considerations for API Producers
Understanding API Monetization Models
Legal Considerations for API Monetization
Intellectual Property (IP) & Licensing
10 mins: {Break}
Section 3:
50 mins: Key Considerations for API Consumers
Understanding API Restrictions: Rate Limits, Fair Use, and Quotas
The Hidden Risks of Third-Party APIs: Legal Liabilities You Need to Know
Avoiding API Integration Nightmares: Legal and Compliance Strategies
30 mins: Summary and Conclusions
Section 4:
Take Home Exercises
Questions and Answers