Trends in API Security

Filip Verloy (@filipv, Field CTO at @NonameSecurity) talks about the latest trends in API security, how you could be a victim of a Moveit attack, and moreSHOW: 743CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"SHOW SPONSORS:Reduce the complexities of protecting your workloads and applications in a multi-cloud environment. Panoptica provides comprehensive cloud workload protection integrated with API security to protect the entire application lifecycle.  Learn more about Panoptica at panoptica.appFind "Breaking Analysis Podcast with Dave Vellante" on Apple, Google and SpotifyKeep up to data with Enterprise Tech with theCUBESHOW NOTES:Noname Security (homepage)Moveit attack blogNoname academy - Learn about API securityTopic 1 - Welcome to the show. We’ve worked together in the past at previous companies, it’s great to catch up again. For those out there that don’t know you, tell us a little bit about your background, and how you got involved in API security.Topic 2 - We keep hearing about APIs and API security but in a roundabout way. We hear on tech news that data has been leaked, customer accounts and info got out. There have been many high profile, well known instances. What often isn’t reported is the way in which the breaches happen. More times than not it is API’s and improper security, correct?Topic 3 - What are the most common problems you see in organizations? What problems do folks bring you in to solve? Why isn’t a WAF (web application firewall) enough?Topic 4 - Security, no matter the type, can be a tough sell sometimes. It’s hard to do an ROI on something that hasn’t happened for instance. What are your thoughts on this?Topic 5 - As a followup, who is the audience that has the budget? CISO’s don’t typically come from a developer background, true?Topic 6 - What are the typical steps on a journey towards securing APIs. Where do most folks start (assuming nothing, maybe a WAF at best) and how far does it go. Identification, automated remediation, etc.Topic 7 - It seems every industry is being impacted in some way by AI/ML. How do you see this playing a role in the future of API security?FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet