Date: June 22, 2022
Time: 9 a.m. MDT/4 p.m. BST/8:30 p.m. IST
Topic: : The Dos and Don’ts of API Security
Abstract:
Cybercrime is on the rise, and no technology is immune to attacks by malicious actors. Application programming interfaces (APIs) are becoming more prevalent in cloud computing, the Internet of Things, and mobile applications, thus creating new security risks. APIs are frequently targeted for cyberattacks due to their widespread use, access to sensitive functions and data, and weaknesses such as authentication and authorization misconfigurations, lack of rate limiting, and code injection vulnerabilities.
Although organizations should regularly monitor and test APIs to identify and patch flaws and include APIs in incident handling and response plans, API security is often overlooked in the development process. API security testing is often more scalable and sustainable than penetration testing, but it is typically performed at the end of development, when detecting errors tends to be problematic and time consuming. Testing at this stage can result in unsecure application architectures, as developers may have shifted to other projects and there may be insufficient time to correct problems before release. This webinar will discuss API security automation and best practices for implementing the automation process.
Key takeaways:
- Common web application threats and vulnerabilities
- The process of automating API security
- How automating API security helps organizations
Speaker:
Marlene Veum, Head of Global Cybersecurity Operations, Silicon Valley Bank
Bio: Marlene Veum is a senior-level cybersecurity professional with vast experience providing strategic and technical direction in secure product and service delivery, architecture and assurance, risk management, and compliance oversight. She’s led multimillion-dollar security and technical initiatives that support national and international IT services and secure product development. She is also an expert in implementing secure architecture, identity and access management services, technical security controls, risk management, and compliance programs following U.S. and international banking, financial services, healthcare, and export laws as well as various privacy mandates.
Marlene has a track record of successfully leading secure cloud development operations in the areas of encryption standards, virtualization, configuration management, continuous monitoring, service reliability engineering, and vulnerability management. She has traveled to over 14 countries and performed audits, risk assessments, and forensic reviews as part of her multinational experience. She oversees mergers and acquisitions security assessments and integrations, ensuring that critical security vulnerabilities and audit findings are sufficiently mitigated in acquired products, services, and assumed IT infrastructure.
*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)