Solving the Next Generation of Application Security Solutions Forum

  • Thursday, 04 Aug 2022 11:00AM EDT (04 Aug 2022 15:00 UTC)
  • Speaker: Chris Dale

Modern applications are extremely hard to secure and protect. Micro-services, APIs, and cloud services are complex and continuously changing. Traditional security solutions that focus on building a higher wall, a deeper moat, are simply too static and too slow to respond to the pace of continuous change and attacks. Now is the time to close the divide between teams and renew the focus on application security to support the next generation of business innovation.

This solution forum will showcase a new approach to Application and API security. Security through observability, where security has the context of the application and is able to mitigate fraud and abuse. It’s time to bring engineering, operations, and security together for the next generation of application security.

Join the SANS Solutions Forum Interactive Slack Workspace for this event (and all SANS Forums)! Connect once and you're set for all events in 2022!

Solving_Next_Gen_App_Sec_Solutions_Forum_-_Reg_Page_(1).png

Sponsor

Traceable logo

Agenda | August 4, 2022 | 11:00 AM - 3:00 PM EDT

Schedule

Description

11:00 AM

Welcome & Opening Remarks

Chris Dale, SANS Instructor & Subject Matter Expert

11:10 AM

Harnessing the Speed of Innovation

Modern business success is defined by the ability of leaders to inspire their teams to innovate and deliver value for their customers. In a rapidly changing and competitive market, speed and velocity is the key to success. However, modern applications also face incredibly complex technical and business challenges. Learn from Traceable's CTO and co-founder, Sanjay Nagaraj, about the key principles that leaders need to account for when building their teams and defining their culture.

Sanjay Nagaraj, Co-founder and CTO, Traceable AI

11:30 AM

API Security Requirements - What You Need to Have to Secure Your APIs

APIs have become the critical glue that binds together almost all of the applications and online services that the world now uses daily. 

 What hasn't evolved as quickly as API usage itself, is the way that we secure these critical communications channels. The industry is now catching up to the importance of API security, the available solutions in the market, and what API security should include, from a capabilities perspective. The security industry needs to be able to have discussions about how to properly secure APIs, and organizations need to have the option to compare different solutions to see which ones meet their needs. Join Traceable's Head of Product Management, Renata Budko, to learn the must have API security requirements your organization needs, to properly secure your APIs.

Renata Budko, Head of Product, Traceable AI

11:50 AM 

Anatomy of an API Attack - Applying MITRE Framework to API Threat Modeling

In this talk we will take a look at the practical issues of security APIs through the length of the MITRE framework. We will discuss: 

- An overview of MITRE framework
- How well known API attack vectors map to known adversary tactics and technique
- A real-world use case of an attack that has started as an API breach and got developed into a full-fledged MITRE-style att@k
- Effective mitigations for API exploits

Renata Budko, Head of Product, Traceable AI
Upendra Mardikar, Chief Security Officer, Snap Finance

12:10 PM

Break

12:20 PM

API Catalog: First Step Towards API Security

API Security starts with being able to discover and catalog all of your APIs and their distributed interactions in real-time. In simple terms, you can’t protect what you can’t see. In this session, join Traceable Product Manager, Amod Gupta, as he talks about the need for an actionable API Catalog, the capabilities it must provide, and how security teams can start creating one.

Amod Gupta, Product Manager, Traceable AI

12:50 PM

API Security: Preventing API Abuse and Data Leakage

API's are the interconnectivity pipe through which data flows between apps and to/from users including threat actors. As the amount of sensitive data which flows through API's increases manifold it is imperative that security teams get a better understanding of the volumes of traffic leaving their apps. From fake accounts creation to account takeovers to data exfiltration to API Fraud the abuse of API's needs a new approach to ensure API's don't become the attack vector for data breaches.

Sudeep Padiyar, Traceable AI

1:10 PM

Break

1:25 PM

Workshop - Effective API Security with Traceable AI

This workshop will be a combination of presentation and demo that will illustrate how Traceable helps you improve your security posture and reduces the risks of API attacks. We’ll discuss the technology platform, then look at key capabilities and see how they come together to help you to:
- Know your API security posture
- Protect your APIs
- Get API security insights
- Develop secure APIs

Anoop Kartha, Traceable AI
Dan Gordon, Traceable AI

2:20 PM

Success Stories - Overcoming API Security Challenges

Learn from other experts in their journey to improve and secure their APIs. This panel discussion will explore common challenges and hurdles different security leaders faced when tackling API security in their organization.

Dana Gardner, Director of Content, Traceable AI
Randy Gingeleski, Senior Security Engineer, Product Security, Bullish
Pathik Patel, Head of Cloud Security, Informatica
Upendra Mardikar, Chief Security Officer, Snap Finance

2:55 PM

Wrap-Up and Closing Remarks

Chris Dale, SANS Instructor & Subject Matter Expert