About APIsecure
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security. Never before has a conference been focused solely on teaching the tactics and techniques in hacking APIs to red teams and how to defend against them to blue teams. This conference will feature multiple tracks of curated content, each dedicated to offense and defense from some of the most well known cybersecurity influencers and hackers in API vulnerability research.
APIsecure was co-founded by apidays, and Melissa and Alissa Knight, a renowned API hacker who’s literally writing the book on hacking APIs and who published some of the most widely known and controversial research papers in hacking passenger vehicles, financial services, fintech, and healthcare APIs over the last decade.
Powered by apidays and Knight Events
About apidays
Through its 10 years of existence, apidays has become the leading tech and business conference in APIs and the programmable economy.
About Knight Events
Purveyors of cybersecurity events that bring together red teams and blue teams for capacity building in tactics and techniques for creating the next generation of more effective breakers and defenders.
AGENDA
DAY 1
Select arrow_drop_down
Welcome and Opening Remarks
Alissa Knight 
Melissa Knight 
Mehdi Medjaoui
Scorched Earth: How I Hacked 55 Banks and Cryptocurrency Exchanges
A tell-all presentation on my vulnerability research campaign into hacking 55 banks and cryptocurrency exchanges.
State of the API Security Market: A VC's Perspective
Dave DeWalt VC and business mogul, Dave DeWalt provides his perspective on the state of the API security market.
Go Hack Yourself: API Hacking For Beginners
Dr. Katie Paxton-Fear Dr. Katie Paxton-Fear provides a cradle-to-grave walkthrough on how to hack APIs for beginners.
10:40 am remove 11:05 am
keyboard_arrow_down
Hacking APIs 101 with MindAPI
David Sopas 11:30 am remove 11:55 am
keyboard_arrow_down
The State of FHIR API Security in Healthcare
Grahame Grieve 
John Moehrke 1:10 pm remove 1:35 pm
keyboard_arrow_down
API Security Through External Attack Surface Management
Phillip Wylie 1:35 pm remove 2:00 pm
keyboard_arrow_down
vAPI: Vulnerable Adversely Programmed Interface
Tushar Kulkarni 2:00 pm remove 2:25 pm
keyboard_arrow_down
Method for Exploiting IDOR on nodejs+mongodb based backend
Luis Alvarado Day 2:25 pm remove 2:50 pm
keyboard_arrow_down
Raw and Unbridled Truth: Healthcare APIs
Jasmine M. Jackson 
Nina Alli 3:10 pm remove 3:35 pm
keyboard_arrow_down
Securing APIs with Open Standards
Ryan Rutan 
Vitthal Shinde
Welcome and Opening Remarks
Scorched Earth: How I Hacked 55 Banks and Cryptocurrency Exchanges
A tell-all presentation on my vulnerability research campaign into hacking 55 banks and cryptocurrency exchanges.
State of the API Security Market: A VC's Perspective
VC and business mogul, Dave DeWalt provides his perspective on the state of the API security market.
10:40 am remove 11:05 am
keyboard_arrow_down
Creating an API Security Strategy From a CISO's Perspective
11:05 am remove 11:30 am
keyboard_arrow_down
Evolution of the OWASP API Security Top 10
Paulo Silva 11:30 am remove 11:55 am
keyboard_arrow_down
Lobbying For an API Security Budget
Christine Vanderpool 11:55 am remove 12:20 am
keyboard_arrow_down
We're Not in AppSec Anymore Toto, API Security For the Enterprise
Alyssa Miller 1:10 pm remove 1:35 pm
keyboard_arrow_down
Stories on the Need For API Security in Healthcare
Dan Munro 1:35 pm remove 2:00 pm
keyboard_arrow_down
Secure your APIs with WAF in AWS
Kuldeep Pisda 2:00 pm remove 2:25 pm
keyboard_arrow_down
Securing API Tokens on Github
Jose Palafox 2:25 pm remove 2:50 pm
keyboard_arrow_down
Why Assertion-based Access Token is Preferred to Handle-based One
Yoshiyuki Tabata 3:10 pm remove 3:35 pm
keyboard_arrow_down
Anomaly Detection is no Longer a Strategy: Your Anomalies are Valid Traffic vs Majority of Attacker Traffic
Christine Bottagaro
Welcome and Opening Remarks
Scorched Earth: How I Hacked 55 Banks and Cryptocurrency Exchanges
A tell-all presentation on my vulnerability research campaign into hacking 55 banks and cryptocurrency exchanges.
State of the API Security Market: A VC's Perspective
VC and business mogul, Dave DeWalt provides his perspective on the state of the API security market.
10:40 am remove 11:05 am
keyboard_arrow_down
Harnessing the Speed of Innovation
Jyoti Bansal 11:05 am remove 11:30 am
keyboard_arrow_down
API Catalog: First Step Towards API Security
Amod Gupta 11:30 am remove 11:55 am
keyboard_arrow_down
Shifting Right on APIs
Karl Mattson 11:55 am remove 12:20 pm
keyboard_arrow_down
From Shift Left to Full Circle: A Pragmatic Approach to Catching Up and Keeping Up with API Security
Chuck Herrin 1:10 pm remove 1:35 pm
keyboard_arrow_down
The Illusion of Proactive Code Hardening Against Business Logic Attacks, Myth vs. Reality
Justin Behar 1:35 pm remove 2:00 pm
keyboard_arrow_down
API Abuse: How Data Breaches Now and in the Future Will Use APIs as the Attack Vector
Sudeep Padiyar 
Tim Davis 2:00 pm remove 2:25 pm
keyboard_arrow_down
Hackers withValid or Stolen Credentials and API Security: Beyond OWASP Top 10
Bernard Harguindeguy 2:25 pm remove 2:50 pm
keyboard_arrow_down
API Security Testing: The Next Step in Modernizing AppSec
Scott Gerlach 3:10 pm remove 3:35 pm
keyboard_arrow_down
Understanding API Abuse With Behavioral Analytics
Giora Engel 3:35 pm remove 4:00 pm
keyboard_arrow_down
Realizing the Full Cloud Native Potential With a Multi-Layered Defense Approach
Ory Segal
Welcome and Opening Remarks
Scorched Earth: How I Hacked 55 Banks and Cryptocurrency Exchanges
A tell-all presentation on my vulnerability research campaign into hacking 55 banks and cryptocurrency exchanges.
State of the API Security Market: A VC's Perspective
VC and business mogul, Dave DeWalt provides his perspective on the state of the API security market.
10:40 am remove 11:05 am
keyboard_arrow_down
How to Approach the Security of APIs at Scale
Ping Identity 10:40 am remove 11:05 am
keyboard_arrow_down
API Security: Thinking Like an Attacker
WIB 11:05 am remove 11:30 am
keyboard_arrow_down
Here Come the Questions: Answer to the Board and Executive Leadership About API Security
11:30 am remove 11:55 am
keyboard_arrow_down
API Security with Traceable API
Traceable AI 11:30 am remove 11:55 am
keyboard_arrow_down
The Need for Automation in API Security
Salt Security 1:10 pm remove 1:35 pm
keyboard_arrow_down
Critical Features of an API Security Program
Noname Security 1:10 pm remove 1:35 pm
keyboard_arrow_down
The Next Chapter After ModSec: A Smarter Inclusive Rules Engine
2:00 pm remove 2:25 pm
keyboard_arrow_down
Real-time and Real-life Attackers' View
Cequence Security 2:00 pm remove 2:25 pm
keyboard_arrow_down
Top 10 API Vulnerabilities Found in the Wild
AGENDA
DAY 2
Select arrow_drop_down
Welcome and Opening Remarks
9:10 am remove 9:50 am
keyboard_arrow_down
Hacking and Defending APIs
Corey Ball 
Robert Wagner 9:50 am remove 10:20 am
keyboard_arrow_down
Exploiting Multi-step Business Logic Vulnerabilities in APIs
Inon Shkedy 10:40 am remove 11:05 am
keyboard_arrow_down
API Security: A CISOs Perspective
Rinki Sethi 
Gary Hayslip 11:30 am remove 11:55 am
keyboard_arrow_down
Vaishali's Guide to Hacking APIs with Business Logic Flaws
Vaishali Nagori 1:10 pm remove 1:35 pm
keyboard_arrow_down
Anatomy of an API Attack: Applying MITRE Framework to API Threat Modeling
Upendra Mardikar 
Renata Budko 2:00 pm remove 2:25 pm
keyboard_arrow_down
Workshop: Training Future Women and Nonbinary in API Security
11:05 am remove 2:25 pm
keyboard_arrow_down
Panel: Demystifying the API Security Landscape
Ashish Kuthiala 3:15 pm remove 3:40 pm
keyboard_arrow_down
Lessons Learned in Hacking 4 Million Patient Records Through FHIR APIs
3:40 pm remove 4:00 pm
keyboard_arrow_down
Conference Closing Keynote
Baptiste Parravicini
Welcome and Opening Remarks
9:10 am remove 9:50 am
keyboard_arrow_down
Hacking and Defending APIs
9:50 am remove 10:20 am
keyboard_arrow_down
Exploiting Multi-step Business Logic Vulnerabilities in APIs
10:40 am remove 11:05 am
keyboard_arrow_down
Securing FHIR APIs in Healthcare
11:05 am remove 11:30 am
keyboard_arrow_down
Designing and Implementing a FHIR API Security Plan
11:30 am remove 11:55 am
keyboard_arrow_down
Top Ten Security Tips for APIs
Tanya Janca 11:55 am remove 12:20 pm
keyboard_arrow_down
Monitoring and Responding to API Breaches
Carolina Ruiz 1:10 pm remove 1:35 pm
keyboard_arrow_down
Making Webhook APIs More Secure for Enterprise Use
Liam Forde 1:35 pm remove 2:00 pm
keyboard_arrow_down
Design Secure APIs at Scale
Roberto Polli 2:00 pm remove 2:25 pm
keyboard_arrow_down
5 Keys to Surviving the API Apocalypse
Brenton House 2:25 pm remove 2:50 pm
keyboard_arrow_down
Are Your APIs Rugged Enough?
Collin Domoney 2:50 pm remove 3:15 pm
keyboard_arrow_down
Untangling Identity API Complexity
Eric Leach 3:15 pm remove 3:40 pm
keyboard_arrow_down
API Security & Fraud Detection - Are You Ready?
Dan Farache 3:40 pm remove 4:00 pm
keyboard_arrow_down
Conference Closing Keynote
Welcome and Opening Remarks
9:10 am remove 9:50 am
keyboard_arrow_down
Hacking and Defending APIs
9:50 am remove 10:20 am
keyboard_arrow_down
Exploiting Multi-step Business Logic Vulnerabilities in APIs
10:40 am remove 11:05 am
keyboard_arrow_down
Shift Left - The Right Way
Sanjay Nagaraj 11:05 am remove 11:30 am
keyboard_arrow_down
Defending APIs From the Inside-Out
Jeff Williams 11:30 am remove 11:55 am
keyboard_arrow_down
Crowdsourced Pentesting / API Defenses
Jeremiah Roe 11:55 am remove 12:20 pm
keyboard_arrow_down
Do You Know What Information Your APIs are Leaking?
Jason Kent 1:10 pm remove 1:35 pm
keyboard_arrow_down
The Real World, API Security Edition: When Best Practices Stop Being Polite and Start Being Real
Sean Boulter 1:35 pm remove 2:00 pm
keyboard_arrow_down
Securing Large API Ecosystems
Michal Trojanowski 2:00 pm remove 2:25 pm
keyboard_arrow_down
A Day in the Life of an API: Fighting the Odds
Gil Shulman 2:25 pm remove 2:50 pm
keyboard_arrow_down
Passwordless Multi-factor Authentication Security and Identity
Selahaddin Karatas 2:50 pm remove 3:15 pm
keyboard_arrow_down
Learn from the Past, Secure the Present, Plan For the Future: API Vulnerabilities
Hila Zigman-Zinshtein 2:50 pm remove 3:15 pm
keyboard_arrow_down
Quarterly Review of API Vulnerabilities
Ivan Novikov 3:40 pm remove 4:00 pm
keyboard_arrow_down
Conference Closing Keynote
Welcome and Opening Remarks
9:10 am remove 9:50 am
keyboard_arrow_down
Hacking and Defending APIs
9:50 am remove 10:20 am
keyboard_arrow_down
Exploiting Multi-step Business Logic Vulnerabilities in APIs
10:40 am remove 11:30 am
keyboard_arrow_down
Why AI-Based API Security is Just Not Enough
10:40 am remove 11:05 am
keyboard_arrow_down
API Security: Trends in 2022
11:05 am remove 11:30 am
keyboard_arrow_down
How Are You Securing the Number 1 Attack Vector?
Matt Tesauro 11:30 am remove 12:20 pm
keyboard_arrow_down
API Security with Traceable AI
Dan Gordon 11:20 am remove 11:55 am
keyboard_arrow_down
What is Your API Attack Surface Area?
Daniel Weaver 11:55 am remove 12:20 pm
keyboard_arrow_down
Red Table: Talk With API Hackers
1:10 pm remove 2:00 pm
keyboard_arrow_down
API Testing Fundamentals and Lab
2:00 pm remove 2:50 pm
keyboard_arrow_down
Hands-on Testing and Protecting APIs
2:50 pm remove 3:15 pm
keyboard_arrow_down
Managing Your Software Supply Chain
2:50 pm remove 3:15 pm
keyboard_arrow_down
Quarterly Review of API Vulnerabilities
3:40 pm remove 4:00 pm
keyboard_arrow_down
Conference Closing Keynote
Click on a speaker to access their recorded sessions from past conferences.
Attendee Registration Information
Join us in April 2023 to experience an APIsecure conference like never before. The world’s leading marketplace for unbridled content for API hackers and API defenders, unmatched connections and transformative security solutions shaping the future of possible in API security. If you are an API penetration tester, defender, or work in API security solutions, you belong here.
Coming Soon!
Sponsored By
Platinum Sponsor
Modern applications are extremely hard to secure and protect. Microservices, APIs, and cloud services are complex and continuously change. Traceable enables security to manage their application and API risks given the continuous pace of change and modern threats to applications. More information: https://www.traceable.ai
Gold Sponsors
Wib.com is the first full lifecycle API Security platform, with a suite of products covering the entire API lifecycle – development, testing, and production. Wib’s holistic and integrative solution utilizes state-of-the-art proprietary AI and ML to analyze, test, and secure your APIs – providing full visibility, actionable insights, and comprehensive protection across the entire lifecycle.
Noname Security has the most powerful, complete, and easy-to-use API security platform that enables enterprises to discover, analyze, remediate, and test all APIs. Noname finds and inventories APIs; detects attacks, suspicious behavior, and misconfigurations using AI-based behavioral analysis; prevents attacks and integrates with existing remediation and security infrastructure; and actively validates APIs before deployment.
Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory tracking, risk analysis and native mitigation with proven, real-time threat protection against ever-evolving API attacks. Cequence Security secures more than 6 billion API calls a day and protects more than 2 billion user accounts across our Fortune 500 customers. Our customers trust us to protect their APIs and web applications with the most effective and adaptive defense against online fraud, business logic attacks, exploits and unintended data leakage, which enables them to remain resilient in today’s ever-changing business and threat landscape. Learn more at www.cequence.ai
Ping Identity champions identity security to enable secure, extraordinary digital experiences for your employees, partners, and customers. We provide flexible identity solutions that accelerate digital business initiatives, delight customers and secure the enterprise through identity orchestration, multi-factor authentication, single sign-on, access management, intelligent API security, directory, and data governance capabilities. Over half of the Fortune 100 choose us for our identity expertise, open standards, and partnerships with major enterprises. Come see our virtual booth!
Synack’s the premier on-demand security testing platform harnesses a vetted community of world-class security researchers for continuous penetration testing and vulnerability management. We partner with enterprises to add vital security testing capabilities and capacity to find the vulnerabilities that matter, even at scale. We are committed to making the world more secure by closing the cybersecurity skills gap, giving organizations on-demand access to the most-trusted security researchers in the world.
Silver Sponsors
The Salt Security patented API Protection Platform protects the APIs core to every modern application. Deployed in minutes with no agents or configuration, Salt uses ML and AI to automatically and continuously discover all APIs and exposed data, stop API attacks, and provide insights to harden APIs.
Contrast Security secures the code that global business relies on. It is the industry’s most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Security and development teams can then continue innovating while accelerating digital transformation initiatives.
Bronze Sponsors
L7 Defense helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks
Neosec is reinventing application security. Its pioneering SaaS platform gives security professionals visibility into behavior across their entire API estate.
StackHawk makes it simple for developers to find, triage, and fix application security bugs. Scan your application for AppSec bugs, triage and fix with provided documentation, and automate in your pipeline to prevent future bugs from hitting prod.
Media Partner
Follow us