Table of Content

Part 1: Introduction to API and Security 

  • Fundamentals of APIs: Understanding RESTful and SOAP APIs
  • API Security: Importance and Implications
  • Current landscape of API security

Part 2: Common API Security Threats 

  • Understanding the OWASP API Security Top 10
  • Exploring common API vulnerabilities: Injection, Improper assets management,
    Excessive data exposure
  • Case studies of real-world API security breaches

Part 3: API Security Measures 

  • Authentication and Authorization: OAuth, JWT, OpenID Connect
  • Role of encryption in API security
  • Strategies for securing APIs: Rate limiting, IP whitelisting, and more
  • Building secure API from the ground up: secure coding practices

Part 4: Advanced API Security Techniques 

  • API gateway security measures
  • Microservices and API security
  • Security in GraphQL and gRPC APIs

Part 5: Hands-on Workshop 

  • API security hands-on workshop: Implementing secure API with a guided example
  • Q&A session
    Attendees should have a basic understanding of APIs and security principles.


Learning Objectives:

  • Understanding API architecture and security threats
  • Identifying and mitigating common API vulnerabilities
  • Applying security best practices in the design and implementation of APIs
  • Familiarizing with modern API security tools and techniques
  • Case studies of real-world API security incidents

Intended Audience:

Security professionals, software developers, system architects, DevOps engineers, or anyone
interested in API security.

Jayesh Ahire
Roshan Piyush
Hall Name: Hall 3
Time: 4 Hour

This advanced training is designed to help attendees navigate the complex realm of API
security, providing a comprehensive understanding of the strategies, techniques, and best
practices required to secure APIs in a modern infrastructure. This deep-dive will demystify the
concept of API security, while introducing attendees to the critical skills necessary for designing,
implementing, and maintaining secure APIs.

About Speakers

Jayesh Ahire is the Product Manager at TraceableAI where he works on the Company’s
API Security initiative. He is the maintainer of OWASP crAPI, Hypertrace, and many
other notable OSS Projects. He is AWS ML Hero, Twilio champion, and runs API
Security Global Community. He also runs AWS UG, Elastic UG, TensorFlow UG, and
many other communities in US and India. His research interest involved Distributed
neural computers and Defi. In his free time, he likes to read and these days he is
learning to play the piano.

linkedin, linkedin icon, linkedin logo-3000959.jpg

Roshan Piyush is Security Research Engineer at Traceable AI, solving API Security
using the powers of Machine Learning and Distributed Tracing. He has 8+ years of
research experience mainly focusing on API Security for the last 5+ years. He loves
building security stacks, tools, and solutions. He is also a core member of the Owasp
Coraza WAF team and a leader of the Owasp crAPI project.

linkedin, linkedin icon, linkedin logo-3000959.jpg