Join 42Crunch at the API Specifications Conference

Come hang out with 42Crunch at the API Specifications Conference this October in Vancouver!

 

OpenAPI Initiative’s API Specifications Conference (ASC) is a place for API practitioners to come together and discuss the evolution of API technology. ASC includes cutting edge technology keynotes and sessions that chart the future of APIs, in-depth specification and standards discussions and an extensive tutorial track. The event is designed to be highly interactive with plenty of discussion time throughout the workshops and sessions.

OpenAPI Specification, RAML, API Blueprint, gRPC, OData, JSON Schema, GraphQL, AsyncAPI and other formats will all be topics at the event, enabling attendees to get familiar with these formats and discuss how to use them in practice.

Organized by The OpenAPI Initiative

 

Join some of our API security experts for their presentations!

 

Are you properly using JWTs?
Thursday Oct 17th @11:30am – 12:00
Presenter: Dmitry Sotnikov, VP of Cloud Platform

JSON Web tokens (JWTs) are used massively in API-based applications as access tokens or to transport information across services. Unfortunately, JWT are often mis-used and incorrectly handled. Massive data breaches have occurred in the last 18 months due to token leakage and lack of proper of validation.

This session focuses on best practices and real world examples of JWT usage, where we cover:

  • Typical scenarios where using JWT is a good idea
  • Typical scenarios where using JWT is a bad idea!
  • Principles of Zero trust architecture and why you should always validate
  • Best practices to thoroughly validate JWTs and potential vulnerabilities if you don’t.
  • Use cases when encryption may be required for JWT

 

Security in OpenAPI Specification
Thursday Oct 17th @12:00 – 12:30
Presenter: Philippe Leothaud, Chief Architect

The enterprise use of APIs is growing exponentially. Companies face a difficult choice. They must shift towards a software-based, digital approach to service and product delivery – or get left behind. And to make matters more complicated, the adoption of microservices architectures has multiplied the number of API endpoints that you have to protect.

In this session, API security expert, Philippe Leothaud, will show how OpenAPI allows for making APIs secure by design and enabling DevSecOps for API infrastructures. He will also discuss which aspects of API security are covered today in OpenAPI contracts and what extensions to the specification are foreseen to have all aspects covered.

 

The Dev, Sec and Ops of API Security
Thursday Oct 17th @2:30pm – 3:00
Presenter: Dmitry Sotnikov, VP of Cloud Platform

The enterprise use of APIs is growing exponentially. Companies face a difficult choice. They must shift towards a software-based, digital approach to service and product delivery – or get left behind. And to make matters more complicated, the adoption of microservices architectures has multiplied the number of API endpoints that you have to protect.

API security flaws are injected at many different levels of the API lifecycle. Security should be easy to considered at requirements phase, applied during development by attaching pre-defined policies to APIs and ensuring that security tests are performed as part of the continuous delivery of the APIs.

We’ll prep you with all the knowledge and tools you need to implement an automated, end-to-end API Security process that will get your dev, sec and ops teams speaking the same language.

 

Try our security audit for free. If you want to see the whole platform in action, request a demo now!

For news on all things API – visit APIsecurity.io and sign up for the weekly newsletter.