APRIL 05 - 06, 2023

APISecure 2023

About APIsecure

APIsecure is the world’s first conference dedicated to API threat management, bringing together breakers, defenders, and solutions in API security. Never before has a conference been focused solely on teaching red teams the tactics and techniques for hacking APIs and teaching blue teams how to defend against them. This conference will feature multiple tracks of curated content, each dedicated to offense and defense, from some of the most well-known cybersecurity influencers and hackers in API vulnerability research.

APIsecure was co-founded by apidays, and Melissa and Alissa Knight, a renowned API hacker who’s literally writing the book on hacking APIs and who published some of the most widely known and controversial research papers in hacking passenger vehicles, financial services, fintech, and healthcare APIs over the last decade.

Powered by apidays and Knight Events

About apidays

Through its 10 years of existence, apidays has become the leading tech and business conference in APIs and the programmable economy.

About Knight Events

Purveyors of cybersecurity events that bring together red teams and blue teams for capacity building in tactics and techniques for creating the next generation of more effective breakers and defenders.

AGENDA

DAY 1


9:00 am - 9:10 am (ALL TRACKS)

9:10 am - 9:50 am (ALL TRACKS)

Scorched Earth: How I Hacked 55 Banks and Cryptocurrency Exchanges

A tell-all presentation on my vulnerability research campaign into hacking 55 banks and cryptocurrency exchanges.

9:50 am - 10:20 am (ALL TRACKS)

State of the API Security Market: A VC's Perspective

Alissa Knight, Dave DeWalt

VC and business mogul Dave DeWalt provides his perspective on the state of the API security market.

10:40 am - 11:05 am (RED TRACK)

Go Hack Yourself: API Hacking For Beginners

Dr. Katie Paxton-Fear

Dr. Katie Paxton-Fear provides a cradle-to-grave walkthrough on how to hack APIs for beginners.

10:40 am - 11:05 am

Hacking APIs 101 with MindAPI

11:30 am - 11:55 am

The State of FHIR API Security in Healthcare

1:10 pm - 1:35 pm

API Security Through External Attack Surface Management

1:35 pm - 2:00 pm

vAPI: Vulnerable Adversely Programmed Interface

2:00 pm - 2:25 pm

Method for Exploiting IDOR on nodejs+mongodb based backend

2:25 pm - 2:50 pm

Raw and Unbridled Truth: Healthcare APIs

3:10 pm - 3:35 pm

Securing APIs with Open Standards

10:40 am - 11:05 am

Creating an API Security Strategy From a CISO's Perspective

11:05 am - 11:30 am

Evolution of the OWASP API Security Top 10

11:30 am - 11:55 am

Lobbying For an API Security Budget

11:55 am - 12:20 am

We're Not in AppSec Anymore Toto, API Security For the Enterprise

1:10 pm - 1:35 pm

Stories on the Need For API Security in Healthcare

1:35 pm - 2:00 pm

Secure your APIs with WAF in AWS

2:00 pm - 2:25 pm

Securing API Tokens on Github

2:25 pm - 2:50 pm

Why Assertion-based Access Token is Preferred to Handle-based One

3:10 pm - 3:35 pm

Anomaly Detection is no Longer a Strategy: Your Anomalies are Valid Traffic vs Majority of Attacker Traffic

10:40 am - 11:05 am

Harnessing the Speed of Innovation

11:05 am - 11:30 am

API Catalog: First Step Towards API Security

11:30 am - 11:55 am

Shifting Right on APIs

11:55 am - 12:20 pm

From Shift Left to Full Circle: A Pragmatic Approach to Catching Up and Keeping Up with API Security

1:10 pm - 1:35 pm

The Illusion of Proactive Code Hardening Against Business Logic Attacks, Myth vs. Reality

1:35 pm - 2:00 pm

API Abuse: How Data Breaches Now and in the Future Will Use APIs as the Attack Vector

2:00 pm - 2:25 pm

Hackers with Valid or Stolen Credentials and API Security: Beyond OWASP Top 10

2:25 pm - 2:50 pm

API Security Testing: The Next Step in Modernizing AppSec

3:10 pm - 3:35 pm

Understanding API Abuse With Behavioral Analytics

3:35 pm - 4:00 pm

Realizing the Full Cloud Native Potential With a Multi-Layered Defense Approach

10:40 am - 11:05 am

How to Approach the Security of APIs at Scale

10:40 am - 11:05 am

API Security: Thinking Like an Attacker

11:05 am - 11:30 am

Here Come the Questions: Answer to the Board and Executive Leadership About API Security

11:30 am - 11:55 am

API Security with Traceable API

11:30 am - 11:55 am

The Need for Automation in API Security

1:10 pm - 1:35 pm

Critical Features of an API Security Program

1:10 pm - 1:35 pm

The Next Chapter After ModSec: A Smarter Inclusive Rules Engine

2:00 pm - 2:25 pm

Real-time and Real-life Attackers' View

2:00 pm - 2:25 pm

Top 10 API Vulnerabilities Found in the Wild

AGENDA

DAY 2


9:00 am - 9:10 am (ALL TRACKS)

9:10 am - 9:50 am

Hacking and Defending APIs

9:50 am - 10:20 am

Exploiting Multi-step Business Logic Vulnerabilities in APIs

10:40 am - 11:05 am

API Security: A CISOs Perspective

11:30 am - 11:55 am

Vaishali's Guide to Hacking APIs with Business Logic Flaws

1:10 pm - 1:35 pm

Anatomy of an API Attack: Applying MITRE Framework to API Threat Modeling

2:00 pm - 2:25 pm

Workshop: Training Future Women and Nonbinary in API Security

11:05 am - 2:25 pm

Panel: Demystifying the API Security Landscape

3:15 pm - 3:40 pm

Lessons Learned in Hacking 4 Million Patient Records Through FHIR APIs

3:40 pm - 4:00 pm

10:40 am - 11:05 am

Securing FHIR APIs in Healthcare

11:05 am - 11:30 am

Designing and Implementing a FHIR API Security Plan

11:30 am - 11:55 am

Top Ten Security Tips for APIs

11:55 am - 12:20 pm

Monitoring and Responding to API Breaches

1:10 pm - 1:35 pm

Making Webhook APIs More Secure for Enterprise Use

1:35 pm - 2:00 pm

Design Secure APIs at Scale

2:00 pm - 2:25 pm

5 Keys to Surviving the API Apocalypse

2:25 pm - 2:50 pm

Are Your APIs Rugged Enough?

2:50 pm - 3:15 pm

Untangling Identity API Complexity

3:15 pm - 3:40 pm

API Security & Fraud Detection - Are You Ready?

10:40 am - 11:05 am

Shift Left - The Right Way

11:05 am - 11:30 am

Defending APIs From the Inside-Out

11:30 am - 11:55 am

Crowdsourced Pentesting / API Defenses

11:55 am - 12:20 pm

Do You Know What Information Your APIs are Leaking?

1:10 pm - 1:35 pm

The Real World, API Security Edition: When Best Practices Stop Being Polite and Start Being Real

1:35 pm - 2:00 pm

Securing Large API Ecosystems

2:00 pm - 2:25 pm

A Day in the Life of an API: Fighting the Odds

2:25 pm - 2:50 pm

Passwordless Multi-factor Authentication Security and Identity

2:50 pm - 3:15 pm

Learn from the Past, Secure the Present, Plan For the Future: API Vulnerabilities

2:50 pm - 3:15 pm

Quarterly Review of API Vulnerabilities

10:40 am - 11:30 am

Why AI-Based API Security is Just Not Enough

10:40 am - 11:05 am

API Security: Trends in 2022

11:05 am - 11:30 am

How Are You Securing the Number 1 Attack Vector?

11:30 am - 12:20 pm

API Security with Traceable AI

11:20 am - 11:55 am

What is Your API Attack Surface Area?

11:55 am - 12:20 pm

Red Table: Talk With API Hackers

1:10 pm - 2:00 pm

API Testing Fundamentals and Lab

2:00 pm - 2:50 pm

Hands-on Testing and Protecting APIs

2:50 pm - 3:15 pm

Managing Your Software Supply Chain

2:50 pm - 3:15 pm

Quarterly Review of API Vulnerabilities

Attendee Registration Information

Join us in April 2023 to experience an APIsecure conference like never before. The world’s leading marketplace for unbridled content for API hackers and API defenders, unmatched connections and transformative security solutions shaping the future of possible in API security. If you are an API penetration tester, defender, or work in API security solutions, you belong here.

Coming Soon!


Sponsored By

Platinum Sponsor

Modern applications are extremely hard to secure and protect. Microservices, APIs, and cloud services are complex and continuously change. Traceable enables security to manage their application and API risks given the continuous pace of change and modern threats to applications. More information: https://www.traceable.ai 

Gold Sponsors


Wib.com is the first full lifecycle API Security platform, with a suite of products covering the entire API lifecycle – development, testing, and production. Wib’s holistic and integrative solution utilizes state-of-the-art proprietary AI and ML to analyze, test, and secure your APIs – providing full visibility, actionable insights, and comprehensive protection across the entire lifecycle.


Noname Security has the most powerful, complete, and easy-to-use API security platform that enables enterprises to discover, analyze, remediate, and test all APIs. Noname finds and inventories APIs; detects attacks, suspicious behavior, and misconfigurations using AI-based behavioral analysis; prevents attacks and integrates with existing remediation and security infrastructure; and actively validates APIs before deployment.


Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory tracking, risk analysis and native mitigation with proven, real-time threat protection against ever-evolving API attacks. Cequence Security secures more than 6 billion API calls a day and protects more than 2 billion user accounts across our Fortune 500 customers. Our customers trust us to protect their APIs and web applications with the most effective and adaptive defense against online fraud, business logic attacks, exploits and unintended data leakage, which enables them to remain resilient in today’s ever-changing business and threat landscape. Learn more at www.cequence.ai


Ping Identity champions identity security to enable secure, extraordinary digital experiences for your employees, partners, and customers. We provide flexible identity solutions that accelerate digital business initiatives, delight customers and secure the enterprise through identity orchestration, multi-factor authentication, single sign-on, access management, intelligent API security, directory, and data governance capabilities. Over half of the Fortune 100 choose us for our identity expertise, open standards, and partnerships with major enterprises. Come see our virtual booth!


Synack, the premier on-demand security testing platform, harnesses a vetted community of world-class security researchers for continuous penetration testing and vulnerability management. We partner with enterprises to add vital security testing capabilities and capacity to find the vulnerabilities that matter, even at scale. We are committed to making the world more secure by closing the cybersecurity skills gap, giving organizations on-demand access to the most-trusted security researchers in the world.


Silver Sponsors


The Salt Security patented API Protection Platform protects the APIs core to every modern application. Deployed in minutes with no agents or configuration, Salt uses ML and AI to automatically and continuously discover all APIs and exposed data, stop API attacks, and provide insights to harden APIs.


Contrast Security secures the code that global business relies on. It is the industry’s most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Security and development teams can then continue innovating while accelerating digital transformation initiatives.


Bronze Sponsors


L7 Defense helps organizations protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks.


Neosec is reinventing application security. Its pioneering SaaS platform gives security professionals visibility into behavior across their entire API estate.


StackHawk makes it simple for developers to find, triage, and fix application security bugs. Scan your application for AppSec bugs, triage and fix with provided documentation, and automate in your pipeline to prevent future bugs from hitting prod.

