API Security: The good, the bad, the ugly

Episode 3: Protecting APIs in the age of AI with Julianna Lamb from Stytch

In our 3rd episode of "API Security: The Good, The Bad, The Ugly", we're gonna get deep into protecting APIs in the age of AI with Julianna Lamb, Co-founder and CTO of Stytch, a developer-first identity and access management platform. Shaped by her years of experience as a backend engineer and product manager, Julianna is an avid advocate for the importance of a robust engineering culture and has extensive knowledge on team building and development. She is skilled in utilizing modern developer tools to boost engineering teams' speed and has been a speaker at conferences such as Slush, Render, and Collision. In this episode of Akto's podcast, discover strategies for monitoring, detecting anomalies, and securing APIs against evolving threats. This is a captivating mix of profound technical insights and compelling personal experiences, meticulously crafted for security aficionados and those who just want to learn. 🎙️ Stay tuned to "API Security: The Good, The Bad, The Ugly" for more enlightening episodes.

Episode 2: Ashwani Mahajan from SoFi explores critical security practices for API security

API Security: the good, the bad, the ugly. This time with Ankita Gupta & Ashwani Mahajan.  Join Ankita Gupta, founder of Akto, as she hosts Ashwani Mahajan, a seasoned application security engineer from SoFi, a leading fintech firm. This episode is a deep dive into the realm of API security and the critical elements to keep in mind before rolling out into production.  Some Key Takeaways:    Communication is King: Ashwani highlights the indispensability of seamless communication with stakeholders. Aligning with the code warriors, the engineering teams, is the first step to an integrated security approach.  Know Your APIs: An inventory that maps out all existing APIs and those in the pipeline is foundational. Keeping an eye on third-party services integration is equally pivotal.  Tooling Matters: For holistic API security, investing in top-notch tools that detect intricate attacks and spot security misconfigurations is essential.  Talk to Your Developers: Beyond just tools, Ashwani underscores the essence of nurturing a symbiotic relationship with developers—education, resources, documentation, and constructive feedback loop are the cornerstones.  Act, Analyze & Amend: The discovery of a vulnerability is just the beginning. Grading its severity and acting accordingly is crucial. Post-remediation analysis helps understand the 'how' and 'why' of the breach, preventing future lapses.  Developer's Toolkit: From the nitty-gritty of authentication and authorization to the vital aspects of input validation and sanitization, Ashwani shares pro-tips for developers.  Third-party API Security: The world of third-party APIs presents its own set of challenges. The key is to comprehend their integration purpose, be well-acquainted with their docs, keep a tab on data-sharing protocols, and always ensure updated encryption and dependencies.  Golden Advice for Newbies: To budding security engineers, Ashwani’s wisdom? Immerse yourself in the business. A keen understanding of the company's heart and soul—its operations and services—sets the stage for a foolproof security strategy.  Step into the intricate maze of API security with two industry stalwarts, and emerge with a trove of insights, best practices, and actionable advice. Perfect for developers, security enthusiasts, and fintech aficionados!

Ep1: Common API vulnerabilities with Avinash 'logicbomb' Jain from Microsoft

In this inaugural episode of "API Security: The Good, The Bad, The Ugly", Harsh Bothra, a distinguished Senior Consultant, takes the helm as he sits down with Avinash Jain, better known by his pseudonym 'logicbomb'. Avinash, an esteemed information security researcher, currently working at Microsoft, has an impressive track record. His prowess in pinpointing vulnerabilities has garnered accolades from giants like Google, Yahoo, NASA, and more. If you've ever stumbled across intricate security breakdowns on blogs or articles highlighted by top-tier media outlets such as Forbes, BBC, and Techcrunch, there's a good chance you've encountered Avinash's insights. Beyond his professional accolades, Avinash's voracious appetite for learning and sharing is evident. He’s not just an advocate for cybersecurity; he's a prominent voice in its discourse, gracing stages at renowned conferences including DEFCON. When he's not delving into the intricacies of security vulnerabilities, Avinash unwinds with cricket, football, and, of course, more writing. In this episode, dive into a captivating conversation that oscillates between API vulnerabilities, cybersecurity career advice, bug bounties, and more. It’s an engaging blend of technical depth and personal anecdotes, curated for both avid security enthusiasts and the casually curious. 🎙️ Stay tuned to "API Security: The Good, The Bad, The Ugly" for more enlightening episodes. Follow Avinash: Website: https://logicbomb.in/ [https://logicbomb.in/] Medium: https://logicbomb.medium.com/ [https://logicbomb.medium.com/] Twitter: https://twitter.com/logicbomb_1 [https://twitter.com/logicbomb_1] Facebook: https://www.facebook.com/avinash.jain.359/ [https://www.facebook.com/avinash.jain.359/] LinkedIn: https://www.linkedin.com/in/avinashjain619/ [https://www.linkedin.com/in/avinashjain619/]