API Security

Organizations that haven’t been focusing on API security could be vulnerable to data theft, corruption, or DDoS attacks. In this session, you will learn about common attack vectors for APIs and Websites, and a five-step plan that you can implement to help protect your APIs at scale

Five-step plan for securing your APIs

Learn some common API attack vectors and a five-step plan that you can implement to help protect your APIs

Duration: 45min
Slides: https://www.slideshare.net/slideshow/5-step-plan-to-securing-your-apis/201990921

Securing your APIs at Scale

Here are the slides of my presentation at Postman Galaxy 2020 where Javier Garza and Mike Elissen explain common attack vectors against APIs, some strategies to defend against attacks including a demo

Duration: 45min
Slides: https://www.slideshare.net/JavierGarza18/securing-your-apis-at-scale-talk-at-postman-galaxy-2020

Build Distributed Architectures at the Edge

Javier shares an insight on the capacity imbalance between the core and the Edge of the Internet, and some examples of how building distributed architecture can help to ensure Fast and Secure Apps

Duration: 20 min
Slides: On this 20min talk, Javier shares an insight on the capacity imbalance between the core and the Edge of the Internet, and some examples of how building distributed architecture can help to ensure Fast and Secure Apps

Automating the management of Akamai properties with Open Source

Learn how to leverage the Akamai CLI and Open Source tools like HTTPie and jq to build a framework that can manage Akamai configuration changes in an automated way and that's easy to integrate with CI/CD automation tools like Jenkins

Duration: 45min
Slides: https://www.slideshare.net/slideshow/automating-the-management-of-akamai-properties-with-open-source/155380153

The secrets to building and delivering amazing apps at scale (long version)

Javier Garza shares 14 things you should implement today for building and delivering amazing apps at scale

Event: AWS Re:Invent
Duration: 45min
Slides: https://www.slideshare.net/slideshow/aws-reinvent-the-secrets-to-building-and-delivering-amazing-apps-at-scale/124846592

The secret to building and delivering amazing apps at scale (short version)

We are more mobile now than ever. Although we use our mobile devices to optimize our time and do more anytime, anywhere, our apps are still too slow and cannot cope with our fast-paced lifestyle. Javier Garza details the ingredients you need to build and deliver an amazing app your users will love.

Event: Keynote at Velocity San Jose 2018 Keynote
Duration: 20min
Slides: https://www.slideshare.net/slideshow/the-secret-to-building-and-delivering-amazing-apps-at-scale/102623851#12

Real world experiences with HTTP/2

Beyond a turnkey solution that offers instant performance gains, HTTP/2 has led to a large amount of questions and confusion about how to optimize for it. Michael and Javier share their experiences with HTTP/2 , discussing case studies that demonstrate how performance can be improved over HTTP/2 while addressing backward compatibility, exploring using RUM data to review performance-related observations of customers after switching to HTTP/2, and offering hands-on demos of HTTP/2 with server push and HTTP/2 + QUIC.

Event: O'Reilly Velocity Conference
Duration: 45min
Slides: https://www.slideshare.net/slideshow/real-world-experiences-with-http2-michael-gooding-javier-garza-from-akamai/68423026

CTF 101

Running a Capture the Flag event and explaining how to solve some of the challenges

Session run at the Pacific Hackers End of Year celebration Meetup at Hacker Dojo, Mountain View, CA, USA on 27-FEB-2025

Application Security (Spanish)

Participated in a panel about Application and Developer Security at GMSecTec's conference in Mexico City, MX on 3-DEC-2024

Leveraging OWASP Projects for DevSecOps

Showing how you can use a couple of OWASP projects to benchmark security tools and also establish a DevSecOps culture

Talk at the OWASP San Francisco Bay Area Meetup, at Hacker Dojo, Mountain View, CA, USA on 23-OCT-2024

The Secure Autopilot: Hardening AI Agents and MCP ecosystems

AI agentic coding tools are redefining how developers build software — and how attackers exploit it. In this hands-on workshop, you’ll learn how to securely use tools like Cursor, Claude, and GitHub Copilot while identifying and mitigating AI-specific security risks. We’ll cover detection of tool poisoning, prompt injection, and toxic flow vulnerabilities in MCP servers, followed by AI-focused red teaming of LLM endpoints and AI-powered APIs to uncover jailbreaks, data leakage, and unsafe behaviors. Attendees will leave with practical skills, tooling, and security patterns for building safer AI-driven development workflows.

The presentation includes QR codes pointing to the technical resources needed to follow the demos. The presentation duration is ~45min

The Hacker's Guide to Life: Research, Optimize, and Achieve the Extraordinary

Javier has spent over a decade optimizing and securing the web, and applying a 'Hacker Mentality' to every challenge he comes across. In this fun and inspiring talk, Javier will share how this quest to 'hack' his own life expanded beyond his professional work, leading to extraordinary achievements in various areas.
Discover the methodology he used to go from a self-taught programmer hacking games to beating all computer games high scores, drastically optimizing a 27+ mile bike commute from 3 hours to just 54 minutes, and successfully getting waves in highly competitive Hawaii while surfing with people way better than him. Learn how to apply these same principles of optimization, lateral thinking, and strategic attack/defense to 'hack' your own life and reach your full potential in anything you pursue, including your professional challenges like Cybersecurity.

Duration: 45min

Leveraging OWASP Projects for DevSecOps

Mixed session of slides and demo showing how you can leverage a couple of OWASP open source projects to be able to supercharge a DevSecOps strategy in your enterprise

Event: OWASP Bay Area Meetup
Duration: 45min
Category: DevSecOps
Technical Level: Intermediate