Secure APIs development workshop
API’s are awesome! API’s provide programmability & stickiness to our products and services. The most important aspect of developing APIs in critical infrastructure products is to ensure that overall service security is maintained. It is often difficult to ensure that new API’s do not increase the threat surface or introduce any new vulnerabilities into our current or future services. Our customers and partners are depending on us to minimize this vulnerability exposure risk as they adopt programmability. This hands-on workshop session is designed to create a security-first mindset as we develop and test new API’s. The session will include how to establish secured code development process for your APIs, how to choose your API authentication schemes (Outh, token…etc). The most valuable part of this session will be the API threat analysis process, this process helps identify possible vulnerabilities due to our design, how we address these vulnerabilities during design, development and testing phase of APIs.
Ideally, attendees should install a set of prerequisites on their development machines prior to the workshop. Please follow the steps indicated here: http://cs.co/wsprereq (DevNet accepts most of the social logins to authenticate).