API Security & Legal Risk Workshop Series

In collaboration with FRSecure, and TeejLab, ISACA San Diego is excited to announce our interactive online workshop series on API Security. Consisting of 4 workshops in total, each workshop is designed to help individuals and organizations understand the importance of Web APIs in today's digital economy, and various business risks they pose to organizations.

Web APIs benefit organizations immensely through accelerated innovations, newer business models, competitive differentiation. Their growing significance can be measured based on the fact that APIs contribute 83% of the Internet traffic today. This growing API usage also means increased cybersecurity risks for enterprises. Given the importance of APIs in digital transformation and the risk they pose to enterprises, it is imperative for Security, Compliance and Audit professionals to better understand various API risks.

In this 4-series workshop, we'll discuss various risks that originate from enterprise API ecosystems. In particular, we'll talk about business risks that are tied to the underlying API security problems. We’ll then provide an overview of an API Governance framework that effectively manages API business risks. This framework is inspired by Software Composition Analysis (SCA) and Zero Trust model. Throughout these workshops, we’ll highlight the best industry practices and hands-on examples for API Risk Management.

Dr. Baljeet Malhotra is an award-winning researcher and a global tech leader known for his work in Open Source and API Risk Management. He founded TeejLab in 2019 and steered the team to build API Discovery and Security™, world's first end-to-end API Risk Management platform. Prior to TeejLab, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys for $565 million). He also served as Research Director at SAP and Senior Software Engineer at MahindraTech. He received a PhD in Computing Science from the University of Alberta and won several awards including NSERC (Canada) scholar and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC. He has given numerous ISACA, ISSA, IIA, ISC2, OWASP talks globally, and published several papers, patents and articles.

Visit Baljeet on LinkedIn: https://www.linkedin.com/in/baljeetmalhotra/

API Security & Legal Risk Workshop #1: API Security & Legal Risk Management for Organizations

Click Here for a copy of the presentation

WORKSHOP #1 DETAILS

  • 30 mins: Global and Enterprise API Ecosystems

    • Global View of APIs

    • Enterprise View of APIs

  • 30 mins: Classification of API Risks

    • Security and Legal Risks

    • Financial and Operational Risks

  • 10 mins: {Break}

  • 30 mins: Zero Trust Model

    • Zero Trust Resources

    • Zero Trust Tenets

  • 30 mins: Software Composition Analysis (SCA)

    • Why and how SCA?

    • Security and Legal Aspects

  • 10 mins: {Break}

  • 10 mins: Account Setup:

    • https://apidiscovery.teejlab.com/accounts/login/

  • 50 mins: Building the API Risk Management Program

    • Identifying API Security Risks

    • Identifying API Legal Risks

    • Continuous API Monitoring and Assessment

  • 10 mins: {Break}

  • 30 mins: Summary and Conclusions

    • Consolidating API Risk Due Diligence Process

    • Questions and Answers

    • Take Home Exercises

API Security & Legal Risk Workshop #2: The API Security Blueprint - From Basics to Advanced Defense

Click Here for a copy of the presentation

WORKSHOP #2 DETAILS

Section 1: Setting the Foundation

  • 30 mins: Introductions and Overview

    • Importance of APIs in Digital Ecosystem

    • Motivations for Securing APIs

  • 30 mins: Basics of API Security

  • - Examples of API Breaches/Impacts - Understanding API Attacks/Patterns

  • 20 mins: Break (account setup assistance)

Section 2: Hands-On Basics

  • 25 mins: Advanced API Security

    • OWASP Top 10: Authentication and Authorization

    • OWASP Top 10: Injections and Rate Limits

  • 25 mins: Hands-on API Security

    • Hands-on: Configuring API Security Tests

    • Hands-on: Executing API Security Tests

  • 10 mins: {Break}

Section 3

  • 50 mins: API Security Program

    • Role of API Gateways

    • Preventing API Attacks

    • Continuous API Monitoring

30 mins: Summary and Conclusions

  • Take Home Exercises

  • Questions and Answers