OWASP Helsinki Chapter held its 34th meeting last week at Eficode, with the topics
"Perfectly secure API" and "Best friends: API security & API management". The event gave a good overview of the topics covered and was quite packed with people. Eficode's premises were modern and there were snacks and beverages. And also a sauna. Here is a short recap of the talks.
Perfectly secure API
Matti Suominen from Nixu talked about the perfectly secure API and what it takes to get there. Can an API be secure? Gut feeling says APIs tend to be rubbish and have problems. He covered the topic from three viewpoints: security, risks and defense. A good starting point is to read OWASP resources such as ASVS, Top 10 and the REST Security Cheat Sheet. His other advice: implement security centrally, involve the business in design, and don't roll your own, because DIY never works out.
There are so many things which can go wrong if you code your own #API. @NixuTigerTeam asked what’s perfectly secure API at #OWASPHelsinki. #OWASP ASVS, Top 10 and REST #Security Cheat Sheet are good starting points. Good overview although sometimes ~DIY is needed ? #apisec
— Marko Wallin (@walokra) June 12, 2018
Best friends: API security & API management
Antti Virtanen from Solita talked about API security and API management, and how we have traveled from the dark ages to modern times. You can do API security with tools like Amazon AWS API Gateway, but the main point was to go a step further with API management. Use ready-made products such as Apigee, or the open source alternative Tyk.io. The slides are available on Slideshare.
From dark ages to modern ages and better API security with #API management as @anakonantti from @SolitaOy showed at #OWASPHelsinki meetup. #Apigee is one solution. Step further from API gateway, adds DX and publishing tools. Open source alternative is @tyk_io but it’s complex.
— Marko Wallin (@walokra) June 12, 2018