Session
API Security 101: How to not be featured in a top ten breaches list
This talk will dive into the fundamentals and best practices for API Security. By understanding the 3 Pillars of API Security, encompassing governance, testing and monitoring, attendees will gain a comprehensive understanding of the essential elements required to safeguard APIs. The session will conclude with practical insights, offering best practices and valuable do's and don'ts for implementing and maintaining secure APIs.
Why are APIs under attack?
-83% of internet traffic is API traffic
-APIs are under-secured
How do APIs get attacked?
Attackers look for APIs that are over-permissioned, return too much information, allow access to unauthorized functions, or expose logic flaws. Attackers are able to bypass a web or mobile app and hit the API directly.
OWASP Top 10!!
#1-#4 are the biggest issues
More compliance regulations are including testing APIs.
-PCI
-HIPAA
-GDPR
-FedRAMP