Speaker

Intesar Shannan Mohammed

Founder @ PerfAI.ai

San Francisco, California, United States

Intesar Shannan Mohammed is a seasoned serial entrepreneur and speaker with profound expertise in APIs, governance, privacy, performance, and security. With a remarkable track record of founding three successful startups in the API space, Intesar's entrepreneurial journey has been defined by innovation and impactful contributions. His profound knowledge and passion for the subject are exemplified by the several granted patents he holds in the domain. Prior to his entrepreneurial ventures, he honed his skills and gained invaluable experience at renowned technology companies, including VMware, Palm, and Cisco.

Area of Expertise

  • Information & Communications Technology

Topics

  • apis
  • API Testing
  • api security
  • API Governance
  • api privacy

Empowering Proactive API Performance

Discover how developers can take a leading role in optimizing API performance during the early development cycles. API performance is paramount for successful API consumption. Late detection and resolution of performance issues can result in significant costs, requiring extensive rework and API restructuring. Proactive API performance empowers development teams to take ownership and deliver mission-critical API performance architecture from the outset, ensuring optimal results.

API Security Automation

API security is hard. API breaches now account for the majority of application/data breaches. Most web and mobile apps lack basic API-centric firewalls and gateways to protect app/data.

This session will cover what developers need to know about the top API vulnerabilities and how to build an automated & continuous API security strategy.

Why Legacy Web Penetration Testing Doesn't Work for APIs

The session will cover the following topics:

  • Enterprise security evolution in the past two decades
  • Main architectural components of API vs. web and mobile applications
  • Major vulnerable areas in web/mobile applications
  • How legacy penetration testing is irrelevant and covers only a fraction of API security

Navigating API Data Privacy

Explore why API data privacy demands additional measures compared to standard data privacy practices. Discover the necessity for enhanced protection beyond encryption and access controls. Understand how API data privacy requires extensive engineering involvement and a comprehensive approach from the ground up to safeguard against breaches and inadvertent leaks.

Mobile API Security Testing Best Practices

According to Gartner, mobile and web APIs account for the majority of the application attack surface. Most exploited vulnerabilities no longer come from webserver misconfiguration, SQL injections, or browser hacks. Instead, the most widely exploited vulnerabilities now come from application logic, access controls, and other non-conventional flaws. This session will go over the top vulnerabilities in APIs and build an automated & continuous API security testing strategy. The Shift-Left strategy will deliver secure and faster releases while significantly reducing manual and penetration testing security costs.

Mastering API Versioning

Dive into the realm of API and endpoint versioning best practices that are both precise for internal development teams and friendly for external integrators. Learn why traditional incremental and semantic versioning fall short for APIs and discover the necessity for a hybrid and transparent versioning strategy. Join me in this session as I explore accurate methods for versioning API and endpoint changes, aligning with leading industry standards.

Comprehensive API Governance Checklist

Ensure the reliability, consistency, and security of your APIs with our comprehensive governance checklist. This top-10 list covers essential validation criteria to help you maintain best practices in API design and development. From standardizing HTTP methods to optimizing performance and scalability, each item on this checklist is crucial for ensuring the success of your API initiatives. Use this checklist as a guide to enhance the quality and usability of your APIs, streamline development processes, and foster collaboration across your organization.

Mastering API Contract Best Practices

Discover the art of designing APIs that evolve seamlessly without introducing breaking changes. Learn to identify API breaking changes and how to detect, remediate, and eliminate them. The result? Highly stable and faster API releases.

Best Practices for Building High-Performance APIs

API performance is absolutely crucial for the success of APIs, web applications, and mobile apps. High-performing APIs not only delight users but also help reduce churn rates and increase upsell opportunities. Unfortunately, many product teams often overlook the significance of API performance, leading to poorly designed systems.

In this enlightening session, I will guide you through the entire journey, starting with common API performance pitfalls. We'll explore the critical aspects of designing, testing, and delivering high-performance APIs. Join me to ensure your APIs stand out and drive success in today's competitive landscape.

API Security Top Threats - Secure SDLC & Shift-Left

According to Gartner, APIs now account for over 40% of the web/mobile application attack surface. Most API vulnerabilities come from business-logic, role-configuration, and other non-conventional flaws.
This session will go over the top vulnerabilities in APIs and build an automated & continuous API security testing strategy. The Shift-Left/DevSecOps strategy will deliver secure and faster releases while significantly reducing manual and penetration testing security costs.

API Security Testing Best Practices

API security is hard. API breaches now account for the majority of application/data breaches. Most web and mobile apps lack basic API-centric firewalls and gateways to protect app/data.

This session will cover what developers need to know about the top API vulnerabilities and how to build an automated & continuous API security strategy.

API Security Testing Modern Best Practices

  • Learn why legacy DAST and penetration testing won't work with APIs.
  • Learn why API breaches are far worse than web and mobile data breaches.
  • Learn what you need to cover when security testing your APIs.
  • See a quick free tool demo and shift-left example.

API Security Best Practices using OpenAPI Specification

Learn how to security test REST APIs against the OWASP API Top 10 using the OpenAPI specification as the starting point.

API security testing is hard: most DAST tools focus on basic testing around areas such as SQLi, NoSQL, XSS, etc. This session will take a deep dive into the most attacked API vectors, including authentication flaws, logic flaws, and optionally Log4j vulnerability testing.

This session is for developers and AppSec leads who are looking to take a deep-dive approach to API security. I'll be covering slides and a live demonstration for some of the key areas.

API Governance Best Practices

Join me to understand why API governance is crucial for achieving API success. I'll cover leading API governance standards, including Google's, and discuss the API governance Top 10 list.

API governance is often overlooked by API teams, leading to developers frequently needing to rework APIs, slowing down new updates, and integrators grappling with complexity and difficult-to-maintain integrations.

AI for API Release Notes

Harness the power of AI to track and document API changes, generating accurate and standardized release notes. Deliver release notes that cater to developers, integrators, and machine understanding alike.

PRO WORKSHOP: Top API Security Threats & Solution

The session will cover:
1. Top API threats, e.g., Microsoft & Citi breach case studies.
2. How to detect and remediate day-0 & day-1 vulnerabilities.
3. A live demo of how an exploit unfolds.

PRO WORKSHOP: Your APIs May Be Leaking Data, Learn How to Stop It

APIs are the visible backbone of any application; it’s where all the data and requests get processed. As a result, the API layer exposes a very large surface area for attacks - as evident in the latest hacks against Google+, Facebook and many others. Hackers are now targeting API-specific vulnerabilities and most companies do not even know that their APIs are leaking data. While technical security vulnerabilities, like SQL injection and cross-site scripting (XSS), are the most widely known flaws stemming from coding errors, the vast majority of API attacks exploit access control and business logic vulnerabilities that cannot be detected with SAST and DAST vulnerability scanning solutions. In this session, you will learn about the best practices to identify, track and fix role-based and attribute-based access control (RBAC & ABAC) vulnerabilities that allow users to accumulate excess permissions granting them unauthorized access to otherwise secure API endpoints and resources. You will also learn about business logic flaws that allow hackers to manipulate legitimate API calls to steal data and interfere with business functions. Such vulnerabilities have contributed to the vast majority of API attacks (including Google+, Facebook, Citi and T-Mobile) and could cost companies extremely high fines for breaching GDPR and other regulatory guidelines.

DeveloperWeek Cloud 2022 Sessionize Event

September 2022 Austin, Texas, United States

API World 2021 Sessionize Event

October 2021

API World 2020 Sessionize Event

October 2020 San Jose, California, United States

API World 2019 Sessionize Event

October 2019 San Jose, California, United States
