The proliferation of end points and clients, the disappearance of the physical perimeter and lack of API standards and specific tools means that API Security has been either left behind or in many cases overlooked! As a result, We are seeing an increasing number of Web Application breaches exploiting poorly protected APIs, even in large companies.
In this session, we will walk through the issues APIs present, why API security has to be handled differently than standard Web Application Security, and how to put API Security at the heart of your DevSecOps initiative. Learn about the API risks and practical steps to secure your APIs properly, including how to use Qualys’ soon to be available API security services, including API Discovery, API Security Assessment and enforcing your corporate API Security policies.
Even if your IT infrastructure is completely free from known vulnerabilities, you can't let your guard down. Latent vulnerabilities may linger in your custom-coded web applications and APIs, presenting an enticing target for cyber-attackers. You can protect against these with new capabilities in Qualys Web Application Scanning (WAS) to detect out-of-band vulnerabilities such as Server Side Request Forgery and SMTP injection. The upcoming API Security app leverages the Swagger/OpenAPI specification to give your development teams better insights into the security of the APIs they build.