APIs are ubiquitous in today's application infrastructure. Driven by rapid mobile device adoption, the move towards container-based applications, serverless computing, service mesh architecture and cloud adoption, API usage has seen exponential growth. Often publicly exposed and well documented to accelerate and simplify adoption, APIs have become the next frontier in application fraud. The same benefits that APIs bring to the development community are now leveraged by bad actors to commit application fraud and other types of cyber-crime. As a result, API security is top of mind for CIOs, CISOs and security practitioners alike. Researching the wide range of API security alternatives is confusing. This session will delve into the different approaches to protecting APIs from a range of security risks and how security and development teams should approach a consistent protection philosophy.
Carl Gustas currently serves as a solutions engineer with Cequence Security. With over 17 years of industry experience, he played a pivotal role in building the world's first anycast-based Content Delivery Network. Since then, his focus had been in large scale Enterprise delivery with a strong focus on security. Gustas has recently joined Cequence Security to assist users facing the Application Security challenges and is passionate about automation defense.