Wednesday, October 27, 2021

PRO TALK (API): API Security and Compliance – Onboarding Developers into Organization 2.0.
Join on Hopin
Rémi Le Mer
Rémi Le Mer
Qualys, Security Solution Architect

Over the past decade, we have witnessed a growing attempt to put security in the SDLC and to promote the "virtuous cycle." It is also true with API development. However, risk assessment campaigns still come too late in the dev cycle, and IT Security teams struggle to identify the risk earlier in cooperation with Dev teams. The OpenAPI Specification provides a set of rules and best practices to keep the interoperability in the ecosystem, and OWASP's API Security Top 10 gives an overview of the risks at play. In this talk, we'll present several use-cases of public APIs and their level of compliance with OAS standards, and we will suggest ways to remediate faster through a simple workflow between GRC, Security Operations, and Development Teams.