CyberSecurityBoard
Sponsor Register Login

Managing API Contracts and OpenAPI Documents at Scale

This global event for API practitioners gets bigger.
This year the event was held in the newly renovated CNIT Forest - a central and easy to join location in the Paris La Defense business area.
Many of us were amazed by the number of talks and exhibitors showing their latest advances in API Design, API Management, and Event Driven Management gateways and the many discussions around OpenAPI, JSON-Schema, and GraphQL. As a sponsor of API Days Paris, Cisco DevNet - Cisco's developer program - offered a booth where we engage 100+ conversations with attendees and discussed how to build and publish robust APIs, sharing our experience driving API Quality and Security initiatives.
DevNet offered 2 talks explaining the importance of API Contracts, how we are evaluating and scoring our APIs internally, and also the challenges that come with the lifecycle and management of OpenAPI documents.
We were able to show why and how a successful API-first strategy not only encourages consistent practices when designing, versioning, and documenting APIs, but also lets you look into testing and observing live traffic to ensure APIs behave as per their contract.
In this regard, we offered demonstrations of the latest version of Panoptica - Cisco Cloud Application Security solution - with a particular focus on API Security.
If you are interested in this topic, we encourage you to schedule a live demo of Panoptica.
Panoptica Learning Lab: This hands-on tutorial will take you all the way from zero to detecting API drifts from live traffic observations.
Why API Contracts matter: In this talk we define what is an API Contract and the maturity model used at Cisco to evaluate the quality of API Contracts.
We will then dive into strategies and OpenAPI tools to automatically score APIs.
Managing OpenAPI Documents at scale: In this talk, we will discuss strategies for managing OpenAPI documents at scale, leveraging lessons learned from Cisco's extensive use of OpenAPI specifications across its REST API portfolio.
We will delve into standardization, version control, automation, and modularization.
Join this session to gain insights into challenges faced in handling very large documents, ensuring compliance, and maintaining consistency.
We are looking forward to meeting again next year for API Days Paris 2024, Dec 3-5th 2024.


This Cyber News was published on feedpress.me. Publication date: Wed, 20 Dec 2023 20:43:12 +0000


Cyber News related to Managing API Contracts and OpenAPI Documents at Scale

Managing API Contracts and OpenAPI Documents at Scale - This global event for API practitioners gets bigger. This year the event was held in the newly renovated CNIT Forest - a central and easy to join location in the Paris La Defense business area. Many of us were amazed by the number of talks and ...
1 year ago Feedpress.me
Defining Good: A Strategic Approach to API Risk Reduction - A good API security strategy starts with a well thought out API security posture governance program that spans from design to deployment. That standard, if communicated and enforced effectively, will not only positively affect how a developer designs ...
11 months ago Securityboulevard.com
Salt Security Delivers API Posture Governance Engine - PRESS RELEASE. PALO ALTO, Calif., Jan. 17, 2024 /PRNewswire/ - Salt Security, the leading API security company, today announced multiple advancements in discovery, posture management and AI-based threat protection to the industry leading Salt ...
11 months ago Darkreading.com
Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report - We're thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. A notable achievement is being recognized as one of the few non-gateway-first ...
1 year ago Imperva.com
Unified API Protection - A massive segment of organizations' digital footprint today is built around internal and external APIs. As more IT leaders realize and acknowledge the size of APIs' influence, it's become clear that new methods are needed to secure those APIs. While ...
1 year ago Cequence.ai
That time I broke into an API and became a billionaire - This included an internal API with a dependency on a third-party banking API. We'll get to the banking API later in this story. That's all thanks to developers embracing agile development, microservices, and API gateway redirection that exposed ...
1 year ago Securityboulevard.com
What do CISOs need to know about API security in 2024? - According to Postman's 2023 State of the API Report, roughly 66% of participants indicated that their APIs contribute to generating revenue. A recent ESG survey on API security showed that 92% of organisations using APIs have experienced a breach in ...
11 months ago Cybersecurity-insiders.com
Virustotal Shares New Ideas to Track Threat Actors - In a recent presentation at the FIRST CTI in Berlin and Botconf in Nice, VirusTotal unveiled innovative methods to track adversary activity by focusing on images and artifacts used during the initial stages of the kill chain. Traditionally, threat ...
6 months ago Cybersecuritynews.com
The Hidden Risks Within Ethereum's CREATE2 Function: A Guide to Navigating Blockchain Security - Today, we're delving into a less talked about yet critical issue in the blockchain community: the security risks associated with Ethereum's CREATE2 function. Highlights Unlocking New Possibilities, Inviting New Risks: Ethereum's CREATE2 function, ...
9 months ago Blog.checkpoint.com
CVE-2021-41264 - OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 ...
3 years ago
API Security in 2024: Navigating New Threats and Trends - As we step into 2024, the landscape of API security is at a critical juncture. The previous year witnessed a significant escalation in API-related breaches, impacting diverse organizations and bringing to light the critical vulnerabilities in API ...
10 months ago Cybersecurity-insiders.com
7 Essential Practices for Secure API Development - The necessity for API security cannot be overstated. Authentication and Authorization Authentication and authorization form the cornerstone of secure API interactions. In the world of API security, managing identities accurately ensures that only ...
9 months ago Feeds.dzone.com
API Gateways and API Protection: What’s the Difference? - Security Boulevard - At the security level, API security tools and gateways provide different controls to protect APIs from various threats. API protection – or API security – refers to a comprehensive set of security capabilities designed to protect APIs from a wide ...
2 months ago Securityboulevard.com
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
1 year ago Securityboulevard.com
Optimizing API Lifecycles - In this article, we will delve into the intricacies of optimizing API lifecycles-an essential aspect for product managers navigating the dynamic landscape of digital integration. From conceptualization to retirement, understanding and implementing ...
1 year ago Feeds.dzone.com
Meta sues ex VP of Infrastructure for 'trade secret theft' The Register - Over the course of his 12-year employment at the Facebook giant, Dipinder Singh Khurana - also known as T.S. Khurana - rose to the rank of vice-president of infrastructure. He left the mega-corp in June 2023 to take a position as senior veep of ...
9 months ago Go.theregister.com
CVE-2023-20136 - A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user ...
1 year ago
API Analytics - Managing APIs effectively is no longer just about designing and deploying them-it's also about harnessing the power of data-driven insights through API analytics. In this article, we'll explore the transformative role of API analytics in enhancing ...
1 year ago Feeds.dzone.com
API security in 2024: Predictions and trends - As technology continues to advance at an unprecedented pace, so does the complexity of API security. With the proliferation of APIs in modern applications and services, organizations will need to develop a better understanding of their API ...
11 months ago Helpnetsecurity.com
API Security: The Big Picture - Given this, it is no surprise that API security is a top priority for many security teams in the coming year. Here are 10 strategic things to look for in an API security offering. Multiple Environment Capability API security isn't very helpful if it ...
1 year ago Darkreading.com
Navigating API Governance: Best Practices for Product Managers - As the complexity of API ecosystems grows, the need for robust governance becomes paramount. In this article, we will explore in-depth the best practices for product managers in navigating API governance, ensuring secure, scalable, and compliant ...
1 year ago Feeds.dzone.com
The 9 Most Essential API Security Tools to Protect Against Cyber Threats - Understanding the importance of API security is crucial as technological advancements across various industries continue to make our lives easier. Through APIs connecting different systems and services together, automation is becoming increasingly ...
1 year ago Csoonline.com
How Does Automated API Testing Differ from Manual API Testing: Unveiling the Advantages - Delve into automated versus manual API testing for efficient software delivery. See how automation speeds validation while manual testing provides human insight, ensuring comprehensive coverage for robust development. In the domain of software ...
10 months ago Hackread.com
Kubescape open-source project adds Vulnerability Exploitability eXchange support - With its innovative feature for generating reliable Vulnerability Exploitability eXchange documents, Kubescape became the first open-source project to provide this functionality. This advancement offers security practitioners a powerful tool to ...
1 year ago Helpnetsecurity.com
How AI is revolutionizing "shift left" testing in API security - Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. For developers who are not security experts, fixing code or knowing business logic abuse possibilities can be ...
1 year ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)