Speaker

Alex Rifman

APIsec University Champion

APIsec University Champion and enthusiast based in Chicago, currently working at APIsec University and APIsec.ai, an automated API security platform company.

Mr. Alex Rifman was previously employed as a Director of Operations at Anomali, concentrating on enabling threat intelligence, incident response, and sharing capabilities. Prior to Anomali, Mr. Rifman was responsible for deploying Managed Security Services and automated capabilities, including volumetric and behavior-based threat and anomaly detection for Fortune 500 companies, with a specialization in behavior-based user anomaly detection for eCommerce customers, including fraud and application misuse detection and prevention. He also spent time at Securonix as a Director of Customer Success for Strategic Accounts.

Mr. Rifman graduated from Case Western Reserve University with a Bachelor of Science in Computer Engineering and a minor in Economics, and holds several security certifications, including a CISSP.

API Security 101: How to not be featured in a top ten breaches list

This talk will dive into the fundamentals and best practices for API Security. By understanding the 3 Pillars of API Security, encompassing governance, testing and monitoring, attendees will gain a comprehensive understanding of the essential elements required to safeguard APIs. The session will conclude with practical insights, offering best practices and valuable do's and don'ts for implementing and maintaining secure APIs.

Why are APIs under attack?
- 83% of internet traffic is APIs
- APIs are under-secured

How do APIs get attacked?
Attackers look for APIs that are over-permissioned, return too much information, allow access to unauthorized functions, and expose logic flaws. Attackers are able to bypass a web or mobile app and hit the API directly.

OWASP Top 10!!
#1-#4 are the biggest issues

More compliance regulations are including API testing.
- PCI
- HIPAA
- GDPR
- FedRAMP
