Black Hat USA 2019 is still two months away, but it’s never too early for attendees to start planning their schedule. That’s why each week we’re recommending one session from the scores of research briefings and training courses that will be offered at the conference. Following our first pick last week, here’s our second recommendation: Attacking and Securing APIs.
This hands-on, two-day course will teach participants how to build secure web and cloud APIs, which is increasingly important as their usage skyrockets. The instructor is Mohammed Aldoub, a security consultant and trainer with 10 years of experience who worked on Kuwait’s national cyber security infrastructure and focuses on APIs, secure DevOps, cloud security and cryptography.
The course is designed for software developers, security engineers, bug bounty hunters and others. Key takeaways include creating secure web APIs and microservices infrastructure; assessing the security of API implementation and configuration; and using cloud-native tools and infrastructure to deliver secure APIs.
Why we’re recommending it
APIs aren’t new, but as a key element of digital transformation efforts, their usage has grown exponentially. Today, API calls represent 83% of web traffic, up from 47% four years ago, Akamai said in its 2019 State of the Internet report.
With APIs everywhere — in apps, clouds, IoT systems, embedded controllers and more — security pros must know how to protect them. “APIs provide the digital glue that binds apps, cloud resources, app services and data all together – and they’re increasingly an appsec security threat,” wrote Ericka Chickowski in Dark Reading.
In fact, by 2022, API abuses will be the attack vector most responsible for data breaches within enterprise web applications, according to Gartner. Even large, tech-savvy companies run into API security problems: In the past year, Google, Salesforce, Facebook, and T-Mobile have suffered API-related breaches.
And there are particular difficulties involved in securing APIs. As Jacques Declas, CEO of API security vendor 42Crunch, said at Qualys’ QSC18 conference, many enterprise security teams lack the necessary awareness, knowledge and products. In his talk, titled “Ignore APIs at Your Peril,” Declas outlined specific challenges in this area, including the dissolution of traditional network perimeters, and the lack of API security tools and standards. “We know we have a problem,” he said.
Thus, securing APIs has become a critical area for enterprise security teams, and this Black Hat USA 2019 training course seems a worthy one for security pros who want to grow their knowledge and skills in this area.
Qualys at Black Hat USA 2019
A Diamond Sponsor, Qualys will again have a major presence at Black Hat USA 2019, which runs from Aug. 3-8 at the Mandalay Bay in Las Vegas. We’ll be there explaining how we can help organizations protect their hybrid IT environments without slowing down their organizations’ digital transformation.
We invite you to stop by our booth (#204), enjoy a cup of coffee from our Nespresso bar, and chat with our product managers and technical account managers. We’ll raffle hi-tech prizes and give out tote bags after each presentation, including:
- Exclusive product previews, including of our new Threat Detection and Response Platform
- Best practices presentations from leading enterprises
- An overview of how Qualys Cloud Platform, our end-to-end security and compliance solution, gives you a real-time, holistic view of your threat landscape, and comprehensive capabilities for attack prevention and incident response