Positive Security for APIs: What it is and why you need it!
Many of the issues on the OWASP API Security Top 10 are triggered by the lack of input or output validation. Here are a few illustrative real-life examples:

• Drupal suffered a major issue in February 2019: a remote code execution flaw due to a parameter not properly validated.
• Tchap, the brand new messaging app of the French government, was hacked in an hour due to the lack of validation of the registration email.
• CVE-2017-5638, better known as the “Equifax attack”. This vulnerability in Apache Struts could be exploited by crafting a custom Content-Type header and embedding OGNL expressions in the header value.
• Cisco got fined $8.6 million for knowingly selling its Video Surveillance Manager (VSM) product that included API vulnerabilities to the US federal and state agencies. The actual API flaws included a lack of user input validation and insufficient authentication.

To protect APIs from such issues, an API-native, positive security approach is required: we create a whitelist of the characteristics of allowed requests. These characteristics are used to validate input and output data for things like data type, min or max length, permitted characters, or valid value ranges. But how do we fill the gap between security and development mentioned above?
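
The whitelist described above, as an added example that is not from the webinar or from 42Crunch: a Python validator that checks data type, length, permitted characters and value ranges on both a request and a response, and rejects any property the schema does not describe. The schemas, field names and sample payloads are constructed for illustration.

```python
import re

# Hypothetical allowlist for a user-registration API; all names are assumptions.
EMAIL = {"type": str, "min_len": 6, "max_len": 254,
         "pattern": r"[a-z0-9._-]+@[a-z0-9-]+(\.[a-z0-9-]+)+"}
PLAN = {"type": str, "enum": {"free", "pro"}}
REQUEST_SCHEMA = {
    "email": EMAIL,
    "display_name": {"type": str, "min_len": 1, "max_len": 40,
                     "pattern": r"[A-Za-z0-9 ._-]+"},
    "age": {"type": int, "min": 13, "max": 120},
    "plan": PLAN,
}
RESPONSE_SCHEMA = {"id": {"type": int, "min": 1}, "email": EMAIL, "plan": PLAN}

def validate(payload, schema):
    """Return the list of violations; an empty list means the payload is allowed."""
    if not isinstance(payload, dict):
        return ["payload: must be a JSON object"]
    # Anything the schema does not describe is rejected, not ignored.
    errors = [f"{k}: property not in allowlist" for k in payload if k not in schema]
    for name, rule in schema.items():
        if name not in payload:
            errors.append(f"{name}: required property missing")
            continue
        value = payload[name]
        if type(value) is not rule["type"]:  # exact match, so True is not an int
            errors.append(f"{name}: wrong data type")
        elif "enum" in rule and value not in rule["enum"]:
            errors.append(f"{name}: not a valid value")
        elif isinstance(value, str):
            if not rule.get("min_len", 0) <= len(value) <= rule.get("max_len", len(value)):
                errors.append(f"{name}: length out of bounds")
            if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
                errors.append(f"{name}: characters not permitted")
        elif not rule.get("min", value) <= value <= rule.get("max", value):
            errors.append(f"{name}: value out of range")
    return errors

# Constructed sample payloads.
GOOD_REQUEST = {"email": "alice@example.org", "display_name": "Alice", "age": 30, "plan": "pro"}
BAD_REQUEST = dict(GOOD_REQUEST, display_name="Alice<b>", age=True, is_admin=True)
LEAKY_RESPONSE = {"id": 7, "email": "alice@example.org", "plan": "pro", "password_hash": "x"}

if __name__ == "__main__":
    for label, payload, schema in [("request", GOOD_REQUEST, REQUEST_SCHEMA),
                                   ("request", BAD_REQUEST, REQUEST_SCHEMA),
                                   ("response", LEAKY_RESPONSE, RESPONSE_SCHEMA)]:
        print(label, validate(payload, schema) or "allowed")
```

Running the same validator on responses is what catches the extra `password_hash` field before it leaves the API.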

What you’ll learn:
• Why WAFs fail in protecting APIs
• How a whitelist protects against A3, A6 and A8 of the OWASP API Security Top 10 (with real-life examples)
• How to build a proper whitelist for API security

Dec 12, 2019 11:00 AM in Pacific Time (US and Canada)

Kristin Davis
Head of Marketing @42Crunch
Kristin is the Head of Marketing for 42Crunch – a leading API Security company – and is responsible for making sure this webinar goes off without a hitch! She has almost 2 decades of experience in driving both product and corporate marketing programs across a variety of different industries; with a successful track record of increasing brand awareness and market penetration for companies such as SecureAuth, Fox Technologies and BeyondTrust. https://www.linkedin.com/in/kristinmdavis/

Isabelle Mauny
Chief Evangelist @42Crunch
Isabelle Mauny, co-founder and CTO of 42Crunch spent most of her career at IBM, across a variety of technical roles, at the European level. She was part of the IBM WebSphere Strategy board and played a key role in the deployment in Europe of flagship products such as the WebSphere Application Server or DataPower appliances. During her time at IBM, she worked with the largest organisations both as a solutions architect and services professional. In 2009, she joined Vordel (acquired by Axway) as head of product management to then take the responsibility of the entire WSO2 portfolio as VP of Product Strategy in 2012. Isabelle is passionate about delivering customer-focused solutions and evangelizing the community about them. She has authored multiple books and is a regular speaker at technical conferences. https://www.linkedin.com/in/isamauny/