API Security Day 2024 - Powered by APIDays and Escape

Explore the 2024 Agenda

9:45 am

Welcome and Opening Remarks

10:00 am

The Ghost of APIs Past

Learn more

The Ghost of APIs Past will explore the dangers of abandoned and unsupported endpoints. Improper API inventory management is the gateway to exploitation. This presentation dives into real-world incidents where rogue APIs led to breaches, leaks, and operational inefficiencies. Attendees will gain insight into how and why APIs are forgotten and how we can correct course to discover APIs and improve lifecycle management.

Corey Ball

Author and Sr. Manager - Penetration Testing at Moss Adams

10:25 am

Scaling API Security

Learn more

APIs power nearly every modern application and represent over 80% of global web traffic. Yet, despite their ubiquity and importance, API security remains a significant challenge for enterprises, especially those with thousands of developers across hundreds of teams. Many security engineers cannot even identify all the APIs their company exposes—let alone secure them. This talk dives into why API security is so critical, why securing APIs at scale is uniquely difficult in large organizations, and where current security solutions fall short. We’ll explore practical, scalable methods for API discovery, documentation generation, and vulnerability detection, offering an effective path for enterprise security teams to achieve continuous API security.

Antoine Carossio

CTO & Co-founder of Escape

11:10 am

API security in the age of AI

Learn more

As Generative AI becomes more deeply integrated into organizations, the question of its security is increasingly critical. This talk will examine the growing number of Generative AI use cases and the essential role of various APIs in each stage—from accessing services of LLM (Large Language Model) providers to retrieving data for RAG (Retrieval-Augmented Generation) and enabling end-user interactions. Through an analysis of recent attacks on LLMs, we will provide clear security recommendations that can be applied at the API level to help organizations better protect these integrations.

Vincent Fély

Information Security Expert - API Security, Groupe BPCE

11:35 am

Layered Approach of API Security Strategies and its Business Impact

Learn more

In this talk, we’ll dive into a layered approach to API security, exploring essential strategies that protect APIs while aligning with business goals. We'll cover briefly the current API security landscape, its roadmap, and best practices to secure APIs that minimize risk and drive business value.

Akansha Shukla

Security Domain Expert,
ABN AMRO NL

12:00 pm

Panel: Implication de l’IA générative sur la sécurité des API

Learn more

Generative AI is transforming how businesses operate, but it’s also raising new security questions, especially around APIs. In this panel, three experts will unpack the real-world impact of generative AI on API security, diving into the risks, unexpected vulnerabilities, and practical steps companies can take to protect themselves. We'll explore how to balance innovation with security, helping organizations stay resilient as they adopt these powerful new technologies. This panel will be conducted in French.

Marine du Mesnil

Head of Cybersecurity Tribe, Theodo

Vincent Fély,

Information Security Expert - API Security, Groupe BPCE

Régis Senet,

Head of Cybersecurity, Shares

12:30 pm

Lunch break

1:50 pm

Secure SDLC for Modern APIs

Learn more

In this talk, we will explore which security practices GitGuardian has introduced in its Software Development Life Cycle (SDLC), to ensure its API based applications are robust for our small and large clients.
We will discuss common SDLC pitfalls, secure coding standards, and continuous security testing. Attendees will gain insights into safeguarding their APIs while ensuring maximum development velocity.

Kayssar Daher

Lead Security Engineer,
GitGuardian

2:15 pm

High-security & interoperable OAuth 2: What’s the latest?

Learn more

OAuth is a widely used authorization framework that enables third-party applications to access resources on behalf of a user. However, it has historically been difficult to meet very high security and interoperability requirements when using OAuth. Joseph has spent much of the last six years working to improve the state of the art and will present the latest developments in the field.

There are challenges when trying to achieve high security and interoperability with OAuth 2: There are many potential threats, some not part of the original OAuth threat model. For seamless authorizations, optionality must be minimized in OAuth itself and also in any extensions used.

Seven years ago, the IETF OAuth working group began work on the Security Best Current Practice document and more recently on OAuth 2.1. Meanwhile, the OpenID Foundation has created FAPI1 and FAPI2 security profiles.In this talk you will learn the focus of each document and when to use which. See how to achieve on-the-wire interoperability and security using techniques like asymmetric client authentication and sender-constraining via DPoP and MTLS. You'll leave understanding the benefits for implementers and the role of conformance testing tools.

Joseph Heenan

CTO, Authlete

2:40 pm

Introduction to Securing APIs: Best Practices for Frontend Developers

Learn more

As APIs become central to modern web applications, understanding how to secure them is crucial for developers. This introductory session will cover essential security practices for APIs from a frontend developer's perspective, offering practical insights and actionable strategies to help ensure your APIs are both secure and reliable.

Damilola Ale

Frontend Engineer, Evolve Credit

3:05 pm

Military-Grade Security for APIs

Learn more

Some APIs require tighter security than others, for example, financial applications. After all, breaching a bank’s API is far more severe, than a cookbook recipes API. An important part of API security is the process of obtaining tokens with OAuth or OpenID Connect flows. In this talk I will present the extensions to OAuth and OIDC recommended for sensitive applications. The cryptic names of PAR, JARM, mTLS, and PoP tokens will finally get meaning.

Michał Trojanowski

Product Engineer, Curity

3:55 pm

Building A Security-Centric Developer Platform

Learn more

We can all agree that security must become part of the everyday developer's experience. But this is easier said that done! How do we create a smooth developer experience, without impacting productivity while satisfying the App Sec team requirements ?

Isabelle Mauny

Field CTO, WSO2

4:20 pm

Why We Should All Be API Hackers

Learn more

APIs are the backbone of modern applications, enabling seamless communication and data exchange. However, their widespread use makes them prime targets for cyberattacks. In this presentation, we'll explore why keeping our APIs secure is not just an engineer's job—it's everyone's responsibility. We’ll do that through a hands on exercise seeing how anyone can play a role in spotting security flaws, even non-technical associates. The audience will be able to do the exercise from their phone live. You’ll walk away with a new perspective. Your application, your team, and your organization will thank you.

Desmond Lamptey

Lead Software Engineer, Capital One

4:45 pm

Do not live in the Shadow (APIs)

Learn more

This talk delves into the risks of shadow APIs in software development, offering strategies for identifying and mitigating their impact. Through real-world examples, you will gain insights into building more resilient systems.

Teresa Pereira

Threat Hunter, Siemens Energy

5:10 pm

Closing remarks

API Security Day

API Security Day is powered by

Learn from modern API security leaders

100,000+ attendees

10+ expert speakers

Connect with fellow API security experts

Explore the latest innovations in API Security

2024 Speaker Lineup

Corey Ball

Vincent Fély

Akansha Shukla

Antoine Carossio

Teresa Pereira

Régis Senet

Damilola Ale

Isabelle Mauny

Desmond Lamptey

Michał Trojanowski

Kayssar Daher

Marine du Mesnil

Joseph Heenan

Explore the 2024 Agenda

Secure your spot today