etc.venues 360 Madison, New York
360 Madison Ave, New York, NY 10017
May 2025
300+ participants
200+ companies
15+ sessions
20+ speakers
CIOs, CTOs, CDOs, SVPs, VPs, Heads of Innovation, Heads of API, API Architects, Developers, Software Engineers, Infrastructure & Cloud Managers, IT Managers, Product Managers, Consultants & Analysts
Learn from the best about Business Models, Design & Documentation, Lifecycle Management, Security & Identity Management, Testing & Monitoring, Banking APIs and Open Banking, Developer Marketing, Digital Transformation, GraphQL, Microservice Architecture, Mobile & IoT APIs
NORTH AMERICA / EMEA / APAC Amsterdam | Barcelona | Berlin | Helsinki | Jakarta | London | Melbourne | New York | Paris | San Francisco | Singapore | Sydney | Zurich
Since 2012, 50+ apidays conferences have been organised in 13 countries to cover Banking & Financial Services | Consulting | Energy | Healthcare & Life Science | IT & Technology | Manufacturing & Automotive | Media | Non-profit & Education | Public Sector | Retail | Transport & Hospitality
APISecure is the world’s first conference dedicated to API threat management, bringing together breakers, defenders, and solutions in API security. Never before has a conference been focused solely on teaching the tactics and techniques in hacking APIs to red teams and how to defend against them to blue teams. This conference will feature multiple tracks of curated content, each dedicated to offense and defense from some of the most well-known cybersecurity influencers and hackers in API vulnerability research.
Digital Strategist and Influencer
Brenton House is an ex-hacker, filmmaker, developer, architect, consultant, strategist, and now Digital Evangelist. Brenton House is known for his unique creative work on several hit YouTube series such as API Cybersecurity 101, API Cookery, and Breaking the Build. As an expert Digital Strategist, Brenton currently works as Vice President for Digital Evangelism at Software AG, a global leader in the API, Integration, and IoT space.
Author & Sr. Manager - Penetration Testing
Moss Adams
I am a senior manager of penetration testing consulting at Moss Adams. In addition, I am the best selling author of Hacking APIs and winner of the 2022 SANS Difference Makers Award for Book of the Year. In 2022, I helped create the APIsec University and released the API Penetration Testing course.
I have over thirteen years of experience working in IT and cybersecurity across several industries, including aerospace, agribusiness, energy, fintech, government services, and healthcare. In addition to a bachelor’s degree in English and philosophy from Sacramento State University, I hold the OSCP, CCISO, CEH, CISA, CISM, CRISC, and CGEIT industry certifications. I have had the pleasure of being the technical editor of the Kali Linux Pentest Bible (Wiley) and Black Hat GraphQL (No Starch Press).
VP of Security Research
Checkmarx
I am the Head of Security Research at Checkmarx, a global leader in application security.
In this role, I lead the company’s security research efforts, overseeing and managing three teams (in two countries) of top-notch professionals - researchers, analysts, pen-testers, secure development engineers, and bounty hunters.
Building and leading this group of experienced defenders, attackers, and security researchers is quite a challenge. Still, it brings invaluable skills and knowledge vital for maintaining Checkmarx’s top-notch vulnerability detection technology and security education platform.
I am enthusiastic about my work and believe it makes a huge difference out there. “No one will protect what they don’t care about, and no one will care about what they have never experienced” - Sir David Attenborough
While I enjoy all aspects of my job, I think my favorite part is to be able to educate and raise security awareness. This brought me to found and lead the AppSec Village as part of DEF CON, lead several OWASP projects and give talks at global events and conferences like RSAC, DEF CON, and Black Hat.
Co-Founder & CTO
Escape
Antoine is co-founder & CTO of Escape. Antoine is a former French National Secret Agency and Apple security engineer and penetration tester.
Co-founder and CEO
Escape
Tristan is co-founder & CEO @ Escape (GraphQL Security). He was a seasoned freelance developer and Machine Learning Researcher at UC Berkeley. He witnessed the API Security problem with his eyes while working for a customer. He saw an entire company database being stolen in 2018 through an API he developed himself.
Author of "Design and Build Great APIs", API Strategist & Advisor
amundsen.com, Inc.
An internationally known author and speaker, Mike Amundsen consults with organizations around the world on network architecture, Web development, and the intersection of technology & society. He works with companies large and small to help them capitalize on the opportunities provided by APIs, Microservices, and Digital Transformation. Amundsen has authored numerous books and papers. He contributed to the O’Reilly book, "Continuous API Management" (2018). His "RESTful Web Clients", was published by O’Reilly in February 2017 and he co-authored "Microservice Architecture" (June 2016). His latest book — "Design and Build Great APIs" — for Pragmatic Publishing, is scheduled for release in early 2020.
Distinguished Engineer, CTO IBM Security
IBM
I am a technical executive with a PhD in Cybersecurity and a focus on security architecture for external clients.
- YouTube videos on cybersecurity with more than 3 million views
- Author of "Inside Internet Security: What Hackers Don't Want You to Know" (Addison-Wesley)
- Member of the inaugural class of the NC State University Computer Science Alumni Hall of Fame
- Contributing author to the "Information Security Management Handbook" Sixth Edition, Volume 7 (Auerbach)
- IBM Master Inventor
- Served on international assignment in Beijing
- Served as member of the NC State University Computer Science Strategic Advisory Board
- Member of the IBM Academy of Technology
- Presented at more than 100 conferences/seminars
- Over 40 years' experience in the IT industry
- Published articles on cryptography, virtual private networking, identity management, LDAP, password security and network security
- Served on editorial board for the "Information Management & Computer Security" research journal, NC State Univ Cyberlaw board, program committee for the International Network Conference
- Experience in software development as a programmer, designer and project leader
- Extensive experience in pre-sales consultative selling, security architecture development and vision setting
- Worked with clients in more than 40 countries across 6 continents
Global Head of Presales
42Crunch
Passionate about helping customers make good decisions in an increasingly digital world.
Special Knowledge Areas: API Protection, API Security, Innovation, Growth Engineering, REST API, Async API, Access Federation, Secure Mobile Connect, Secure Cloud Architectures, Payment
Co-Founder and CEO
Akto.io
Ankita is the co-founder and CEO of Akto.io. Prior to Akto she has experience working at VMware, LinkedIn and JP Morgan. She holds an MBA from Dartmouth College and a Bachelor's in Technology from IIT Roorkee. She is a past speaker at DefCon, BlackHat and various OWASP meetups and conferences.
Author of Continuous API Management
Founder and Chairman of Apidays Conferences
Mehdi Medjaoui is the founder of the APIdays conference series worldwide, which he started in 2012 in Paris. He is highly involved in the API community and API Industry, and is a current author, lecturer, consultant and investor in the API space. In 2011 he co-founded OAuth.io, a SaaS OAuth API middleware for OAuth integration and implementation used by 40,000+ developers, which was acquired in December 2017. His research involves publishing the API Industry Landscape and the yearly State of Banking APIs.
CTO
Layer7
Francois is a Distinguished Engineer and CTO for API Management at Broadcom Software. Previously, Francois was a member of the Ping Identity Office of the CTO. An early adopter of service orientation, Francois specialized in the application of security in distributed systems. Notably, Francois was the first developer at Layer 7 Technologies where he was part of a team who developed a best of breed API security gateway technology which disrupted a category, and continues to be used by hundreds of enterprises today.
Principal Engineer, Platform Team Lead
Sanofi
Being associated with the industry since 2012, I have worked as a Developer, Leader, Architect and now Principal Engineer to build, architect and improve solutions based on APIs and real time communication.
I have been thanked for my work around automation of processes allowing the companies to greatly increase the efficiency of their workflows while improving the developer experience and the quality in the final product. My colleagues know me as a good communicator who likes to use an interactive approach for understanding the requirements and solving problems of varied scope. Working with a plethora of roles - both technical and business - such as lead architect, staff engineer, project manager and CxO but also legal team, I have been able to develop keen eyes for various technicalities which helped me in maximizing our products' impact for our customers.
Sr Developer Advocate | Solutions Architect
Yubico
I started my career as a web developer, quickly falling in love with the end-to-end process from designing functional user experiences, scoping application interfaces, and the deployment/building of code.
From there, I moved into an Architecture role, where I got to play with interesting cutting edge technologies in the area of Artificial Intelligence. I had the great opportunity to work directly with Microsoft, Amazon, and newer start-ups to test their technologies for their applicability in a large enterprise like ExxonMobil.
From there I transitioned to become the Product Manager of the ExxonMobil Health Applications group. In February of 2020 I asked myself "There is no way this gig could be that hectic, right?". In March 2020 the COVID pandemic swept the US, forcing us into lockdown, leaving me to help guide the team through the "pandemic year".
Nowadays I'm at Yubico, where I've been helping to create guidance targeted at developers to help make their applications more secure through the use of WebAuthn.
When not online you can find me crate digging at record shops, front row at concerts (short problems), at theaters watching classic movies, or writing self-indulgent bios.
Co-Founder and CEO
StackHawk
Joni is the CEO and co-founder of StackHawk. She has deep experience building products as a product leader in the DevOps ecosystem, including growing companies from seed through high growth and acquisition. Now, her primary focus is helping developers find and fix security bugs before they deploy to production and bringing security and developer teams together. When she's not in CEO mode, she loves to travel, try new foods, and enjoy time at home with her husband and two dogs, Q and Tokyo.
Co-Founder and CTO
Akto.io
Ankush is the co-founder & CTO at Akto (https://www.akto.io). Prior to starting Akto he worked at CleverTap as VP of Engineering. He has also worked for 5 years as a Quant at Morgan Stanley. He has acquired US patents at Microsoft and at CleverTap.
PM
Layer7
- Proven leader guiding organizations in technical direction and enabling digital transformation
- 20+ years of experience in the software industry with a strong technical background
- Deep background in digital technologies including APIs, Cloud, Microservices, and Integration
- Balance of business understanding and technical expertise enables effective consultation and decision making
Customer Engineer
Layer7
Globally experienced technologist that is always on the lookout for the next generation of technology that is used to service the enterprise, mobile or internet based products and services. I am interested in all aspects of infrastructure from basic shared hosting to large scale automated data center design. Enjoy working with all levels of fellow technologists to solve complex issues and comfortable working with engineers or executives to build new business solutions.
As one of the founding members of Layered Tech we built the company from a 2 man operation 4+ years ago to the multimillion dollar global data center provider it is today. I have 10+ years of experience with startups such as 3Tera, LT and others. Along with working at CA, I have seen and experienced most everything you can when it comes to providing service and support at all levels from small local start up MSP to large scale GSP.
I have strong skills in all mainstream operating systems, application architecture (servers, DB, storage platforms, system messaging, APIs, security, networking, etc.), virtualization platforms and general data center design. Always on the lookout for new ways to complete complex tasks with automation and virtualization technologies allowing us to eliminate human error allowing for higher levels of operational efficiency and overall performance.
I have 18 years of supporting global customers across a wide range of regions, time zones, cultures and customer bases from first world tier one telco providers in the US to up and coming service providers in south east Asia.
Chief Operating Officer
Data Theorem
Doug Dooley is the Chief Operating Officer of Data Theorem. He heads up product strategy, marketing, sales, and customer success teams. Before joining Data Theorem, Dooley worked in venture capital leading investments of cloud-centric security, machine-learning, and infrastructure startups for Venrock. While at Venrock, Dooley served on the boards of Evident.io (Palo Alto Networks), Niara (HPE), and VeloCloud (VMware). Prior to Venrock, Dooley spent almost two decades as an entrepreneur and technology executive at some of the most innovative and market dominant technology infrastructure companies – ranging from large corporations such as Cisco and Intel to security and virtualization startups such as Neoteris, NetScreen, and RingCube. Earlier in his career, he held various management, engineering, sales, and marketing roles at Juniper Networks, Inktomi, and Nortel Networks. Dooley earned a B.S. in Computer Engineering from Virginia Tech.
Director
Data Theorem
Richard is a Director at Data Theorem. He works with security professionals and developers across different size organizations to better understand market trends and needs around mobile app security, mobile app fraud and API security. Before joining Data Theorem, Richard worked for Cisco Systems helping different organizations develop security solutions across many different areas of technology including network security, cloud security, data center security and identity management. Prior to Cisco Systems, Richard worked as an entrepreneur and technology influencer at collaboration leader TANDBERG and virtualization startup RingCube Technologies. Richard earned a B.S. in Management Information Systems from San Jose State University.
Head of Product Management at SAST & Engines
Checkmarx
• A decade+ of experience in designing and delivering world-class software products.
• Hands-on product development management.
• Managing the end-to-end lifecycle for products, for enterprise offerings.
• Experienced in agile methodologies for Product management.
• PRD, MRD, and technical document writing.
• Market analysis, Business cases, Product strategy, and Solution definition to multiple markets.
• Highly experienced in designing web user interfaces, and creating examples using wireframes and mock-ups (Figma, Balsamiq, Pencil).
• Manage Change Control procedures: Issue and track customer relations or additional scope and activities in the product with our internal R&D.
• Highly technical, professional, ambitious, dedicated to working even in irregular hours with the US market.
• Team player, People person, and leader.
• Possess knowledge in various areas of technology, such as big data, AI, mobile devices, operating systems, monitoring solutions, etc.
SVP, Head of Data Aggregation Product
Fidelity Investments
Multi-dimensional global executive excelling at opportunities that need definition, vision, and Lean innovation. Strong track record for "building the right thing" as well as "building it right" by innovating differentiated customer experiences, products, websites, Agile, SRE and digital transformation, SOA and cloud modernization. Expertise in large scale solutions supporting Open Banking/Open Finance, supporting API developers and eco-systems, telco, financial services, contact center, Salesforce CRM, billing, BSS, network management and digital applications. Extensive accomplishments in Lean software/product delivery, transforming teams, products and strategy in start-ups to largest global companies.
VP of Engineering
StackHawk
Dan Hopkins is the VP of engineering at StackHawk. He has experience building engineering teams from 0 to big, managing architecture and design, and establishing evolving development processes. His personal philosophy is to develop teams first and then software. Away from the keyboard, he loves skiing, camping, playing the piano, and reading (and can provide a book reference for just about any topic). And yes, he’s a Colorado local; of course, his favorite time to be out driving is when it’s dumping powder.
Field CISO & Customer Advocate
F5
Chuck Herrin is Field CISO & Customer Advocate at F5. He joined the company through the acquisition of Wib Security, where he held the position of CTO.
In the 20 years prior to Wib, Chuck held a variety of CISO and technology leadership roles, including EVP and CISO for Texas Capital Bank and end to end responsibility for Security, Risk, and Compliance for AIG’s Consumer Group.
Chuck is passionate about security and particularly interested in emerging threats and the rise of generative AI, microservices, and APIs in modern applications.
Sr. Cyber Security Solutions Architect
F5 API Security
Peter has over 25 years of experience in the software industry with another decade before that as an amateur programmer. Peter has spent the last 15 years in the world of web application development and application security. As an independent consultant, Peter spent time developing solutions for securing network and application access for Fortune 1000 and security conscious government organizations. Peter currently works with F5 Networks as a Cyber Security Solutions Architect where he focuses on security opportunities across North America, specializing in DDoS, SSL Intercept/Visibility and Web Application Firewall cases.
Head of Product for Export Aggregation
Chase
Successful and proven leader with product vision and strong ability to lead teams to deliver on roadmaps. Extensive experience managing technology delivery specifically in building APIs and big data strategies. Excellent people and organization management skills. Top-tier consulting experience.
Currently Head of Product for Export Aggregation for Connected Banking (open banking) at Chase, leading Digital platforms across API strategy, consumer data sharing and partnerships with Third Parties and FinTechs.
VP, Data Governance & Privacy Engineering
Capital One
Results-driven & strategic thinking technology executive and serial entrepreneur focused on driving innovation and industry-wide disruption while leveraging data products and big data analytics. Diverse experience and background in Fintech, AdTech, Healthcare, and Media with lived experiences in all phases of growth from seed-startup to global enterprise scale.
Founding Director, MIT Internet Policy Research Initiative & Research Scientist
MIT
Specialties: Internet Public Policy: privacy, freedom of expression, cybersecurity, AI Policy, patents and copyright
Patents and Standards
Open source and internet standards
Semantic Web
Senior Vice President Data Access, Open Banking
Mastercard
Accomplished financial services & payments executive who excels in driving strong business results through innovative product development, creative problem solving and by cultivating high performing teams. Proven track record of end-to-end execution, taking a concept from strategy through to product launch.

APISecure Conference, Room: Venture 3 & 2

| Time | Session | Speakers |
|---|---|---|
| 9:30 am | Adversarial AI: Lying chatbots, deep fakes and more | Jeff Crume (Distinguished Engineer, CTO IBM Security - IBM) |
| 9:55 am | Putting AI into API Security | Corey Ball (Author & Sr. Manager - Penetration Testing - Moss Adams) |
| 10:45 am | APISecOps Culture: Fireside chat discussion with Jean Burellier, Tech Lead Platform Team and Brenton House | Jean Burellier (Principal Engineer, Platform Team Lead - Sanofi); Brenton House (Digital Strategist and Influencer) |

APISecure Conference, Room: Venture 3

| Time | Session | Speakers |
|---|---|---|
| 11:35 am | LLM API Security | Ankita Gupta (Co-Founder and CEO - Akto.io); Ankush Jain (Co-Founder and CTO - Akto.io) |
| 12:00 pm | API Secret Tokens Exposed: Insights from Analyzing 1 Million Domains | Tristan Kalos (Co-founder and CEO - Escape); Antoine Carossio (Co-Founder & CTO - Escape) |
| 12:20 pm | From API Security to AI Security - The Solution or the Problem? | Erez Yalon (VP of Security Research - Checkmarx) |
| 12:45 pm | Passkeys: Developing APIs to enable passwordless authentication | Cody Salas (Sr Developer Advocate \| Solutions Architect - Yubico) |

APISecure Conference, Room: Venture 2

| Time | Session | Speakers |
|---|---|---|
| 11:35 am | The Four Pillars of API Security: Layer7 - A Comprehensive API Security Infrastructure (APISecure Workshop by Broadcom) | Jeremy Suo-Anttila (Customer Engineer - Layer7); Francois Lascelles (CTO - Layer7); Greg Thompson (PM - Layer7) |
| 12:20 pm | Learn GraphQL Security: Process, Tools, & Examples (APISecure Workshop by Akto) | Ankita Gupta (Co-Founder and CEO - Akto.io); Ankush Jain (Co-Founder and CTO - Akto.io) |

APISecure Conference, Room: Venture 3

| Time | Session | Speakers |
|---|---|---|
| 2:00 pm | APIs with ChatGPT 4-Turbo and Attack Path Visualization | Doug Dooley (Chief Operating Officer - Data Theorem) |
| 2:25 pm | Unlock Shift Left: Right Teams, Right Tools, Fixed Problems | Joni Klippert (Co-Founder and CEO - StackHawk) |
| 3:15 pm | Your Defense Must Be Informed by the Offense: API Attack Patterns, the Rise of AI, and What Defenders Need to Know | Chuck Herrin (Field CISO & Customer Advocate - F5); Corey Ball (Author & Sr. Manager - Penetration Testing - Moss Adams) |

APISecure Conference, Room: Venture 2

| Time | Session | Speakers |
|---|---|---|
| 2:00 pm | Powering DevSecOps With DevSecTrust (APISecure Workshop by Checkmarx) | Yossi Rifold (Head of Product Management at SAST & Engines - Checkmarx) |
| 2:50 pm | Beyond Red, Yellow and Green, Bringing Context to API Security (APISecure Workshop by Data Theorem) | Richard Smith (Director - Data Theorem) |

APISecure Conference, Room: Venture 3

| Time | Session | Speakers |
|---|---|---|
| 4:05 pm | Panel Discussion: Open Banking Frameworks for Secure Data Sharing | Figen Ceceli (SVP, Head of Data Aggregation Product - Fidelity Investments); Awah Teh (VP, Data Governance & Privacy Engineering - Capital One); Danny Weitzner (Founding Director, MIT Internet Policy Research Initiative & Research Scientist - MIT); Shekhar Sahgal (Senior Vice President Data Access, Open Banking - Mastercard); Kathy Wong (Head of Product for Export Aggregation - Chase) |
| 4:45 pm | A Journey through API Security (APISecure Workshop by F5 API Security) | Peter Scheffler (Sr. Cyber Security Solutions Architect - F5 API Security) |

The New Banking API Stack, Room: Venture 2

| Time | Session | Speakers |
|---|---|---|
| 4:05 pm | Test driven API security: From API Discovery to tested Web APIs (APISecure Workshop by StackHawk) | Dan Hopkins (VP of Engineering - StackHawk) |

Room: Venture 3
Author of Continuous API Management - Founder and Chairman of Apidays Conferences
Distinguished Engineer, CTO IBM Security - IBM
Large Language Models are becoming more important for all aspects of APIs. I will demonstrate how an AI-driven approach to security can help identify weaknesses and test APIs at scale. This presentation will explore the application of AI for enhancing the effectiveness, quality, and efficiency of API security testing.
We will explore the use of Hacking APIs GPT, PostBot, as well as leveraging a PrivateGPT for testing APIs. I will discuss the strengths and weaknesses of the current state of these tools to help us understand their role in API security.
Author & Sr. Manager - Penetration Testing - Moss Adams
Quantum computing seems like a distant-future technology, but if you consider the pace of enterprise modernization, the quantum threat may be just around the corner - and APIs are a primary target. When is Q-day exactly? Nobody knows yet, but equally unknown is the scale of the corrective measures that will be required of your API infrastructure.
In this presentation you will learn:
- How quantum computing introduces a new security risk
- What is the API-specific exposure associated with this threat
- How and when do you need to start preparing your APIs
- What will be the costs in terms of computing resources and API retrofit projects
- What we are learning from post-quantum API security research and initial tests so far
CTO - Layer7
Principal Engineer, Platform Team Lead - Sanofi
Digital Strategist and Influencer
In this session, we will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, security teams, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs.
1. Overview of Large Language Models (LLMs) APIs
2. Understanding LLM Vulnerabilities:
– Prompt Injections
– Sensitive Data Leakage
– Inadequate Sandboxing
– Insecure Plugin Design
– Model Denial of Service
– Unauthorized Code Execution
– Input attacks
– Poisoning attacks
3. Best practices to secure LLM APIs from data breaches
Co-Founder and CEO - Akto.io
Co-Founder and CTO - Akto.io
Join Escape's co-founder and CTO, Antoine Carossio, together with co-founder and CEO, Tristan Kalos, for insights on critical risks from exposed API tokens. Their groundbreaking research, analyzing 1 million domains, uncovered 18,000+ API tokens and RSA keys accessible without authentication. 41% were highly critical.
They will share their unique web scanning methodology, delve into sensitive API data found revealing potential severe financial losses, and draw parallels to standard API security threats. Going beyond the findings, they'll present actionable remediation strategies and provide a practical API security checklist. Leave equipped with a clear path to secure your APIs.
Co-founder and CEO - Escape
Co-Founder & CTO - Escape
In an era where APIs define the digital ecosystem, securing them against evolving cyber threats has become paramount. Just as the industry began to adapt to the intricacies of API security, the sudden introduction of AI into our digital lives has presented a new frontier of opportunities and challenges.
In this session, we will examine the transformative potential of AI in strengthening API defenses while also navigating the novel challenges it introduces.
We'll delve into AI-driven security strategies, addressing the promise they hold and the perils they pose, including ethical dilemmas and risks of misuse. Just as we began to grasp the nuances of API security, the advent of AI has reshaped the battlefield, compelling us to adapt swiftly.
We need to equip ourselves with the knowledge to navigate this new terrain, balancing the innovative benefits of AI with the responsibility to address its emerging complexities and challenges.
VP of Security Research - Checkmarx
It's a common occurrence to open the news and hear of another data breach, ransomware attack, or other forms of cyber crime. At the root of almost every incident is a compromised credential. Passwords, and legacy forms of multi-factor authentication, have been the de facto standard in authentication for decades, but ultimately have failed in protecting user accounts.
One of the most effective ways we can prevent cyber crime is through strong, phishing-resistant authentication. Passkeys offer a ubiquitous way to offer cryptographic based credentials, at scale, to consumers, and enterprises. Passkeys are powered by the open source FIDO2 standard, which ensures operability across all mainstream platforms, browsers, and authentication devices.
Passkeys are now available to a large segment of the consumer market, whether it's through a security key, or your personal mobile device. So, what's preventing adoption?
Many developers are still unaware of the technology itself, or may be unsure how to go about building or architecting a solution. This session aims to close that skill gap by providing an overview on how developers should structure, design, and develop the APIs required to enable passwordless authentication.
The more developers are aware of passkeys, the more they will adopt them into their applications, which will lead to a safer, more secure web for everyone.
Sr Developer Advocate | Solutions Architect - Yubico
APISecure Workshop by Broadcom
Deep dive into the infrastructure that controls access to APIs based on four pillars of security; real time security and integration, API Ops at Scale, API Management, and API intelligence. We will explore how these pillars combine to provide an effective and comprehensive solution for large-scale API security.
Demos:
- API Ops
- Access control
- API management
- API observability and intelligence
Customer Engineer - Layer7
CTO - Layer7
PM - Layer7
APISecure Workshop by Akto
GraphQL Security workshop is for API developers and application security teams, focusing on practical security checks of GraphQL APIs. Participants will gain insights from hands-on experience with the Damn Vulnerable GraphQL Application (DVGA).
The workshop covers essential topics including GraphQL security basics, introspection, overfetching, exploiting recursive types, managing excessive errors, object and key manipulation, and CSRF vulnerabilities. Attendees will learn to automate these security checks within CI/CD pipelines, enhancing their ability to secure GraphQL APIs effectively.
This workshop will equip participants with the knowledge and tools needed for rigorous automated GraphQL security.
Co-Founder and CEO - Akto.io
Co-Founder and CTO - Akto.io
ChatGPT-4 Turbo powers a new class of Enterprise AI assistants. The fuel that powers these new AI assistants is large quantities of data from APIs in the cloud.
Defending APIs from exploit without a deeper contextual understanding of these modern attacks is a growing problem for businesses looking to protect their data.
Learn how visualizing the attack path of these modern API exploits is helping customers protect their data.
Chief Operating Officer - Data Theorem
To match the pace of API-driven development, it’s essential to implement a proactive approach to security testing. However, organizations struggle despite a strong desire to integrate security into software delivery cycles effectively.
This talk will dive into the “how” of shifting left, focusing on three fundamental principles: people, process, and technology.
Co-Founder and CEO - StackHawk
Global Head of Presales - 42Crunch
Attacks on API endpoints are now over 90% of attacks seen by F5, and many defenders are not aware of how API attacks differ from the attacks your WAF was built for.
In this compelling session, we are bringing together two seasoned experts from opposite sides of the cybersecurity battlefield.
Veteran CISO and now Field CTO for F5 API Security Chuck Herrin and Corey Ball, a renowned API hacker and author of "Hacking APIs," will share their perspectives on the most pressing API attack patterns, providing attendees with a rare glimpse into the attacker's playbook.
This session is designed to bridge the gap between attack and defense, offering practical insights on how defenders can think proactively to secure their application and API environments.
We’ll also share what’s coming, as generative AI makes attackers' jobs easier while driving even more API usage and another new attack surface.
Field CISO & Customer Advocate - F5
Author & Sr. Manager - Penetration Testing - Moss Adams
APISecure Workshop by Checkmarx
DevSecOps has been around the industry for over a decade now and has ridden the hype cycle into accepted best practice, but best practice doesn’t mean easy.
Join us for an in-depth discussion on the current state of DevSecOps, as you hear from your peers on how they’re balancing speed, agility, and security in their SDLC.
With the growth of IaC, the use of third-party and open-source code, serverless architecture, and other technological advancements, organizations need to understand the actual practice of DevSecOps beyond the theory.
In this roundtable, we’ll explore topics such as:
• Obstacles your peers have faced implementing DevSecOps, and how they’ve overcome them
• The importance of trust and collaboration between AppSec and Developer teams
• The role of security and developer leadership in setting the tone and driving adoption
Head of Product Management at SAST & Engines - Checkmarx
APISecure Workshop by Data Theorem
As the need for an API Security program continues to grow, organizations are seeing new challenges emerge.
Like any security tool, understanding what is a real threat in the noise of red, yellow and green alerts is always a challenge.
In this workshop, we will review how to bring context to your API security programs to produce actionable results.
Director - Data Theorem
To align with new open banking policy proposals, technology integrations that enable secure data sharing are top of mind for many in the industry, from financial institutions to security experts to fintechs. This panel is a cross-section of leaders across the industry sharing different perspectives on:
- Ways to use technology to support secure open banking
- The benefits of API solutions and the move away from screen scraping
- The risks accumulating in the open banking ecosystem
- What you can do to support data traceability
- What’s next when it comes to APIs in enabling secure data sharing
SVP, Head of Data Aggregation Product - Fidelity Investments
VP, Data Governance & Privacy Engineering - Capital One
Founding Director, MIT Internet Policy Research Initiative & Research Scientist - MIT
Senior Vice President Data Access, Open Banking - Mastercard
Head of Product for Export Aggregation - Chase
APISecure Workshop by F5 API Security
Take a real-world look at some dangerous and common API exploits, highlighting practical techniques for protecting your most critical digital assets.
Sr. Cyber Security Solutions Architect - F5 API Security
APISecure Workshop by StackHawk
You can't secure what you don't know about. First you need to understand your API and web application attack surface and then put effective security coverage in place.
In this session, we will use the StackHawk platform to discover applications and APIs in GitHub repositories and then the StackHawk scanner to run best-of-breed security tests and ensure your API and web applications are secured.
VP of Engineering - StackHawk