Application Programming Interface (API)-based systems are the emerging best practice for software development, with containerization, microservices, and cloud computing providing the catalyst for increasingly rapid and broad adoption. However, much like it took years for front-end software developers to understand, appreciate, and purposefully avoid common vulnerabilities such as cross site scripting (XSS) and SQL injections, back-end developers do not generally understand the vulnerabilities associated with exposed APIs. API security is an area with minimal cybersecurity workforce awareness. As cybersecurity professionals we need to understand APIs and their inherent potential vulnerabilities, and must communicate actionable knowledge to software developers and testers.

Learning Objectives:

• Understand how API’s work and inherent potential cybersecurity vulnerabilities
• Gain the knowledge and best practices necessary to communicate API cybersecurity vulnerabilities across your enterprise
• Appreciate the operational, financial, technical, and programmatic elements of APIs and how to implement retroactive and forward-planning mitigations