API Risk: Taking Your API Security to the Next Level
CA Technologies
1.
World® ’16
API Risk: Taking Your API Security to the Next Level
Tabish Tanzeem, CISSP - Senior Principal Consultant - CA Technologies
Daniel Brudner, CISSP, CISA, CCSK - Senior Principal Consultant - CA Technologies
SCX25V
SECURITY
2.
For Informational Purposes Only
Terms of this Presentation
© 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
© 2016 CA. ALL RIGHTS RESERVED. @CAWORLD #CAWORLD
3.
Abstract
Mobile applications and the Internet of Things will continue to transform the way users interact with the business—but how will we secure this access? For example, even as mobile payments have grown exponentially in the past 12–18 months, payment fraud from mobile devices has grown even faster. In this session, we’ll discuss how CA Advanced Authentication can be integrated with the CA API Gateway to provide a solution we call API Risk to address this challenge. API Risk provides a way to embed contextual risk analysis and/or strong authentication within the API calls to confirm device identities and ensure that end users are who they claim to be.
Daniel Brudner & Tabish Tanzeem, CA Technologies
Security
4.
Agenda
  1. IOT AND MOBILE TRENDS
  2. TRADITIONAL APPROACHES TO AUTHENTICATION
  3. LOGICAL ARCHITECTURE
  4. CA ADVANCED AUTHENTICATION
  5. CA API GATEWAY
  6. INTEGRATION
5.
The IoT Ecosystem
[Diagram. Labels: Sensor Network/Carriers; IoT Gateway; Cloud; Open Data Platform; IoT Platform; Connected Car; Smart Products; Smart Utilities; Smart Analytics; ‘Makers’; ‘Users’; Home IoT; Industrial IoT; Information Technology; Operations Technology; Wearables; Platforms; Intelligent Gateways; Consumers; Connected Health; Smart Energy; Smart Transportation; Smart Factories; Enterprise ‘Edge’ Systems Integration/Services]
6.
IoT – Today and Tomorrow
2015 – 2025*
[Chart: vertical axis in billions (0 to 90), horizontal axis years 2015 to 2025]
Today: 4,800 connected IoT devices per minute
By 2025: 152,200 connected IoT devices per minute
* Scenario Based (2020 – 2025)
7.
Challenges with IoT
§ 80 Billion IoT devices by 2025 (they all want to have Identities…)
  – Need to manage exponentially more identities than current humans’ Identities
§ Dynamic high mobility of IoT devices creates more Risk
  – Devices appear and disappear in different locations
  – Need to uniquely identify the device
  – Need to identify changes in device fingerprint
8.
Challenges with IoT
• Manage interaction/relationship of IoT with other devices, humans, services - IRM
  – Authentication
  – Authorization
  – Auditing
  – Administration
• Traditional borders are gone
• Compute constrained resources (IoT devices) require delegation of authentication and authorization to less-constrained devices
• How do I know the device has been compromised?
10.
A Shift in Criminal Activity
Cybercriminals are expanding their reach beyond traditional targets of consumer banking and credit cards. They are now looking to steal valuable data that is accessible online.
The Top 5 Sectors Breached [1]
• Healthcare: 37%
• Retail: 11%
• Education: 10%
• Gov/Public: 8%
• Financial: 6%
95% of [Web] incidents involve harvesting credentials stolen from customer devices, then logging into web apps with them [2].
1. Symantec Internet Threat Report 2015
2. Verizon Data Breach Report 2015
11.
Traditional Approaches to Authentication
• Something that you KNOW
• Something that you HAVE
• Something that you ARE
Passwords are the primary mechanism used for most online Internet Sites, but…
56% of enterprises plan to move away from passwords in the next 36 months [1].
And…
[Forrester’s] survey found device-based authentication, fingerprinting, and one-time passwords combined with biometrics as having the greatest chance of augmenting then replacing passwords [for business-to-customer IAM]. [1]
1. Forrester, “How To Get Away With Murder: Authentication Technologies That Will Help You Kill Passwords”, Andras Cser and Merritt Maxim, Sep. 2015.
12.
Have you considered the impact to your users?
“User experience (UX) is an important selection criteria, ahead of both trust and total cost of ownership in a majority of organizations” [1]
“A Gartner survey of U.S. bank customers, conducted in the wake of banks introducing new authentication methods for retail banking in response to Federal Financial Institutions Examination Council (FFIEC) guidance, revealed that 12% of customers had considered changing banks because they found what their banks had done to be too onerous, and 3% actually changed banks. Poor UX led to lost business” [1]
1. Gartner, “Market Guide for User Authentication”, Ant Allan, Anmol Singh, and David Anthony Mahdi, 12 February 2016.
13.
What if you could…
• Authenticate User with Simple Password
• Analyze Risk based on Behavior, Device and Location
• Initiate Step-Up Authentication when Risk is High
From a Single Authentication Solution?
14.
Introducing CA Advanced Authentication
Contextual Authentication: CA Risk Authentication™
• Where is the identity?
• What is the identity trying to do?
• Is the action consistent with history?
• What device is being used?
Versatile Authentication: CA Strong Authentication™
• CA Auth ID
• Q&A
• OATH Tokens
• OTP – Out of Band
• CA Mobile OTP
Two best-of-breed components that can be deployed individually or together
15.
CA Risk Authentication
Make real-time decisions based on the risk of the login attempt
RISK ANALYSIS TECHNIQUES
• Where is the identity?
• What is the identity trying to do?
• Is the action consistent with history?
• What device is being used?
KEY FEATURES
• Behavioral risk modeling
• Dynamic Rules
• DeviceDNA™ device identification
• Transparent data collection
• Mobile Risk
KEY BENEFITS
• Frictionless customer experience
• Deep integration with CA SSO
• Reduce fraud risk
• Control costs associated with fraud
16.
CA Strong Authentication
Identify the user using a range of authentication options
AUTHENTICATION METHODS
• CA Auth ID
• Q&A
• OATH Tokens
• OTP – Out of Band
• CA Mobile OTP
KEY FEATURES
• Eliminates risk of stolen passwords
• Converts device into 2F credential
• Variety of integration options
• Highly configurable/scalable
• Available on premise or in cloud
KEY BENEFITS
• Easy for customer to use
• Choice of authentication methods
• Use across multiple channels
• Enhanced security & compliance
17.
But isn’t the Internet Portal dead?
The digital transformation is underway
• 1.75B smartphone users in 2014 [1]
• 50B connected devices (IoT) by 2020 [3]
• 25 business apps per device [2]
• >$100B in cloud spending this year [4]
Sources:
1. CA Vanson Bourne Study
2. eMarketer study
3. McKinsey Global Institute, Disruptive Technologies, advances that will transform life, business and the global economy, May 2013
4. GSMA Intelligence, From Concept to Delivery, the M2M Market Today, Feb. 17, 2014
18.
Something about Mobile Devices
• 63% of mobile users will access online content through their mobile devices by 2017 [1].
• 70% of population worldwide will use smartphones by 2020 [1].
1. http://www.pcmag.com/article2/0,2817,2485277,00.asp
2. http://www.statista.com/topics/779/mobile-internet
19.
How Mobile Device Is Changing Authentication
• Authenticate WITH
• Authenticate TO
• Authenticate THROUGH
In 2017, figures suggest that more than 63.4 percent of mobile phone users will access online content through their devices [1].
1. http://www.statista.com/topics/779/mobile-internet/
20.
But What About the Mobile Apps?
• Authentication is different
• App developers have a choice
  – Trust the device unlocking mechanism (e.g., Touch ID)
  – Supplement device security with app login
• If authentication is built into app, then must decide
  – Do you prompt for credentials every time app is opened (not user-friendly)
  – Or do you save credentials on device (not very secure)
21.
How Our Solution Addresses Mobile Devices…
CA ADVANCED AUTHENTICATION
AUTHENTICATE WITH
CA Advanced Authentication provides a CA Mobile OTP app for most smartphones and tablets. This 2FA credential is a secure software passcode generator that allows mobile phones and tablets to become a convenient authentication device. In addition, CA Advanced Authentication can also support out-of-band authentication, sending an OTP to the user via email, text, or voice.
AUTHENTICATE TO
When relying on the device security, CA Advanced Authentication can increase the security of the mobile app via a capability called Mobile Risk. This approach embeds libraries into the mobile app. When the user opens the app, the libraries will collect data from the device and forward it to CA Advanced Authentication for analysis. If the risk score exceeds a defined threshold, the solution can initiate a step-up authentication.
AUTHENTICATE THROUGH
CA Advanced Authentication can be integrated with external biometric solutions to support authentication through the device. This could include leveraging Apple Touch ID, voice prints, facial images, etc.
22.
Risk Analytics – Why it’s Cool
• Effective analytics technique ideally suited for customers where routine fraud marking is not available.
• Approach is based on assessing whether behavior is normal or abnormal. It is not based on prior fraud data.
• Learns quickly, starts active assessment upon deployment.
• No configuration or training. It can adapt to your user population.
23.
CA API Management: The Building Blocks of Digital Transformation
Outside the Enterprise: Internet of Things; Mobile; SaaS/Cloud Solutions (AWS, Google, SFDC …); Partner Ecosystems; External Developers
Within the Enterprise: Secure Data; Application Portfolio; ID/Authentication; Reporting & Analytics; Internal Teams
Secure the Open Enterprise
• Protect against threats and OWASP vulnerabilities
• Control access with SSO and identity management
• Provide end-to-end security for apps, mobile, and IoT
Integrate and Create APIs
• Easily connect SOA, ESB, and legacy applications
• Aggregate data including NoSQL up to 10x faster
• Build scalable connections to cloud solutions
• Automatically create data APIs with live business logic
Unlock the Value of Data
• Monetize APIs to generate revenue
• Build digital ecosystems to enhance business value
• Create efficiencies through analytics and optimization
Accelerate Mobile/IoT Development
• Simplify and control developer access to data
• Build a wider partner or public developer ecosystem
• Leverage tools that reduce mobile app delivery time
24.
The Integration: Value Proposition
• Return on Investment – Enhanced security reduces fraud losses by protecting the brand
• Faster Time to Value – SDK allows organizations to quickly deploy risk collectors into their mobile apps and IoT devices
• User Convenience – Transparent risk analysis enhances app security without impacting user experience
• Adaptability – Configurable rules engine allows administrators to create & modify risk rules to balance user/device convenience with threat mitigation
25.
Enhancing App Security With Mobile Risk: Process Flow
[Diagram: Consumer, Mobile Devices, Mobile App, Web Services, Applications, Application Data]
The typical process is that the user opens the app on their mobile device, and may or may not be prompted to authenticate before accessing enterprise applications and data.
But… there is no real security beyond the password or PIN enforced by the app. In addition, because many apps store a session token on the device, access can be easily compromised if the mobile device is stolen or lost.
Mobile Risk can address this weakness!
26.
Enhancing App Security With Mobile Risk: Process Flow
[Diagram: Consumer, Mobile Devices, Mobile App with SDK, CA Adv. Auth, Web Services, Applications, Application Data]
The first step is to embed the Mobile Device DNA data collectors within the Mobile App that you wish to protect. The SDK will communicate with the CA Advanced Authentication servers.
27.
Enhancing App Security With Mobile Risk: Process Flow
[Diagram: Consumer, Mobile Devices, Mobile App with SDK, CA Adv. Auth, Web Services, Applications, Application Data]
When the identity opens the app, the SDK will transparently conduct a risk evaluation, which could occur after authentication but before user is given access to any data.
The SDK will collect device data and send it to the risk engine for analysis. Analysis includes:
• Location
• Device Identification
• Identity Behavior
28.
Enhancing App Security With Mobile Risk: Process Flow
[Diagram: Consumer, Mobile Devices, Mobile App with SDK, CA Adv. Auth, Web Services, Applications, Application Data]
If the risk analysis returns a LOW Risk Score, the risk engine will return an “Approve” message and the identity will be allowed to continue to access application data.
29.
Enhancing App Security With Mobile Risk: Process Flow
[Diagram: Consumer, Mobile Devices, Mobile App with SDK, CA Adv. Auth, Web Services, Applications, Application Data, Push Notification, Out of Band Authentication]
If the risk analysis returns a MEDIUM Risk Score, the risk engine can initiate a Step-Up Authentication process (e.g., push notification or out-of-band OTP).
After identity answers step-up challenge, they are allowed to access application data.
30.
Enhancing App Security With Mobile Risk: Process Flow
[Diagram: Consumer, Mobile Devices, Mobile App with SDK, CA Adv. Auth, Web Services, Applications, Application Data, Access Denied]
If the risk analysis returns a HIGH Risk Score, the risk engine could return a “Deny” message and the user would not be allowed to access any application data.
31.
Logical Architecture
[Diagram: Consumer, Mobile Devices, Mobile App (API SDK, AA SDK), CA API Gateway, Applications, Data, CA Advanced Authentication]
Captions:
• Risk analysis, behavior profiling, & step-up authentication
• AA Mobile SDK to collect risk data from device
32.
IoT/Mobile App Risk Analysis: Initial Process
[Diagram: Consumer, Mobile Devices, Mobile App with AA SDK, CA API Gateway, CA Advanced Authentication]
The first step is to embed the CA Advanced Authentication SDK within the Mobile App that you wish to protect.
The SDK will collect risk data, which is transmitted for analysis to the AA servers via the Gateway.
33.
IoT/Mobile App Risk Analysis in Action: Registration Process
[Diagram: Consumer, Mobile Devices, Mobile App with AA SDK, CA API Gateway, CA Advanced Authentication]
When user downloads Mobile App and registers for the first time, the SDK will collect DeviceDNA data so that CA Advanced Authentication can fingerprint the device. The device is associated with the identity and the fingerprint is stored for future comparisons. In addition, the solution can initiate an out-of-band or alternative authentication to validate the identity.
34.
IoT/Mobile App Risk Analysis in Action: The Improved Process
[Diagram: Consumer, Mobile Devices, Mobile App (API SDK, AA SDK), CA API Gateway, Applications, CA Advanced Authentication]
Process Steps:
1. Identity opens app and authenticates with their User ID / password
2. Credentials validated by the CA API Gateway
3. Risk data collected from mobile device and sent for analysis
4. Risk engine evaluates contextual data and determines risk score (Known device? Jailbroken? Negative IP or Country? Typical Behavior? Velocity? etc.)
5. If risk score is high, an out-of-band (OOB) challenge sent to identity
6. Identity responds to OOB challenge to validate their identity
7. If identity is validated, gateway routes API request and returns response
NOTE: If risk score is too high, the API request can also be blocked
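The seven process steps above, sketched as a gateway-side decision function. This is an added illustration, not CA product code: the signal names, weights, thresholds, velocity window and the `oob_challenge` callback are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Weights, thresholds and field names are assumptions for this example,
# not values or identifiers from CA Advanced Authentication or CA API Gateway.
WEIGHTS = {"unknown_device": 30, "jailbroken": 40, "negative_ip_or_country": 50,
           "atypical_behavior": 20, "velocity": 25}
STEP_UP_AT, DENY_AT = 30, 70             # <30 route, 30-69 step-up, >=70 block
VELOCITY_WINDOW_S, VELOCITY_MAX = 60, 5  # 5 prior requests inside 60 s fires "velocity"
NEGATIVE_COUNTRIES = {"ZZ"}              # constructed placeholder deny-list entry

@dataclass
class Profile:                 # stored for the identity at registration, updated per call
    device_fingerprints: set
    usual_countries: set
    usual_hours: range
    recent_requests: list = field(default_factory=list)  # epoch seconds

@dataclass
class RiskData:                # sent by the in-app collector along with the API call
    fingerprint: str
    jailbroken: bool
    country: str
    hour: int
    timestamp: float

def risk_score(profile, data):
    """Step 4: evaluate contextual data; return (score, names of signals that fired)."""
    recent = [t for t in profile.recent_requests
              if 0 <= data.timestamp - t <= VELOCITY_WINDOW_S]
    fired = {
        "unknown_device": data.fingerprint not in profile.device_fingerprints,
        "jailbroken": data.jailbroken,
        "negative_ip_or_country": data.country in NEGATIVE_COUNTRIES,
        "atypical_behavior": (data.country not in profile.usual_countries
                              or data.hour not in profile.usual_hours),
        "velocity": len(recent) >= VELOCITY_MAX,
    }
    reasons = sorted(name for name, hit in fired.items() if hit)
    return sum(WEIGHTS[r] for r in reasons), reasons

def gateway_decision(credentials_valid, profile, data, oob_challenge):
    """Steps 2-7: return (action, reasons). oob_challenge() -> bool is the step-up."""
    if not credentials_valid:                    # step 2: reject before any risk work
        return "DENY", ["bad_credentials"]
    score, reasons = risk_score(profile, data)   # steps 3-4
    profile.recent_requests.append(data.timestamp)
    if score >= DENY_AT:                         # the NOTE: block without a challenge
        return "DENY", reasons
    if score >= STEP_UP_AT:                      # steps 5-6: out-of-band challenge
        if not oob_challenge():
            return "DENY", reasons + ["step_up_failed"]
        return "ROUTE", reasons + ["step_up_passed"]
    return "ROUTE", reasons                      # step 7: forward the API request

if __name__ == "__main__":
    p = Profile({"fp-A"}, {"CA"}, range(7, 23))  # constructed sample profile
    print(gateway_decision(True, p, RiskData("fp-B", False, "CA", 10, 1000.0), lambda: True))
```

Returning the fired signals with the action gives the gateway something to log for each decision, which is what makes a step-up or block explainable afterwards.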
35.
Top 5 Takeaways
1. The mobile device improves the browser authentication experience
  – Easy intuitive experience
  – Provides a platform for security Mobility index
2. And mobile app authentication is becoming increasingly important
  – Organizations are looking to apps as a way to reach their customers
  – Authentication is of course necessary
3. Mobile app authentication is lagging the browser
  – Risk assessment not prevalent
  – But will become important quickly
4. Users use multiple devices in multiple locations
  – You have to tie the activity together
  – Risk assessment that uses behavioral profiling and a mobility index can account for this
5. Mobile Device Identification gives us an important tool
  – More precise and more data available to make a decision
  – Can be done without invading the user’s privacy
36.
Recommended Sessions
SESSION # | TITLE | DATE/TIME
SCX73S | Best Western Improves Security for 5M+ Rewards Members with Simeio Identity as a Service (IDaaS) Powered by CA Security | 11/16/2016 at 3:00 pm
SCX20S | CA Roadmap: Authentication, Single Sign-On, Directory | 11/17/2016 at 1:45 pm
SCX50S | Convenience and Security for banking customers with CA Advanced Authentication | 11/17/2016 at 3:00 pm
SCX75S | Risk-aware access to Office 365™ | 11/17/2016 at 3:45 pm
SCX52S | Protecting Qualcomm IP with CA Advanced Authentication | 11/17/2016 at 4:30 pm
37.
Don’t Miss Our INTERACTIVE Security Demo Experience!
SNEAK PEEK!
38.
We want to hear from you!
• IT Central is a leading technology review site. CA has them to help generate product reviews for our Security products.
• ITCS staff may be at this session now! (look for their shirts). If you would like to offer a product review, please ask them after the class, or go by their booth.
Note:
• Only takes 5-7 mins
• You have total control over the review
• It can be anonymous, if required
39.
Questions?
40.
Thank you.
Stay connected at communities.ca.com
41.
Security
For more information on Security, please visit: http://cainc.to/EtfYyw