Concerned your API keys and other secrets are out in the open?
Free, no obligation API Leaks Assessment
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

October 13, 2022 11:00 AM

The Evolution of API Security

Thanks for the download. 
Thank you for signing up!
A confirmation email has been sent to the address you provided.
We look forward to seeing you! Please add the event in your calendar.
Thanks for filling out the form!
The webinar link will open in the new tab. If its not, please follow
this link

We're seeing a rapid evolution in web application security tools – from WAFs to WAAPs to API Threat Protection. Legacy vendors are scrambling to catch up – moving from appliances to cloud, adding API threat detection capabilities to existing platforms, providing a myriad of capabilities that don't contribute to security or duplicate other capabilities that already exist in the security stack.

In a replay of the bad old days, security teams are often brought in late to the game (or after). The move to "shift left" is absolutely important, but not sufficient -- security teams also need the ability to "shield right" (just like we had to with physical endpoints).

API-specific security tools need to account for a wide swath of challenges:

  • Different protocols (like REST, GraphQL, gRPC, etc.) – each presenting a different security challenge.
  • A myriad of deployment options – it's not a single network anymore, but rather a multiverse.
  • An open target – API are, by definition & design, open so the job of protecting them is much more difficult than before.
  • Continuous attacks – making continuous detection and response critical to modern organizations in order to continue to innovate, compete, and better serve customers.
  • Public-facing APIs are just the tip of the iceberg – as the recent Uber hack demonstrated, we're back to the days of "hard shell / gooey tasty insides" (which failed before), so API security must really bring the "zero-trust" to protect organizations.

Our speakers:

Ivan Novikov

Ivan Novikov

CEO at Wallarm

  • Product security professional
  • inventor of memcached injection and SSRF types of attacks
  • Speaker at HITB, Black Hat, and other industry events