Topics - see abstracts below
- Securing APIs in the Cloud
- The top API threats seen in the first quarter of 2024
- Salesforce Security Pen Testing
Lunch Provided
A small fee applies for parking (est. $5-$7.50) at the Bauerle Road Garage on the UTSA campus
University Room 2.06.04 - Business Building, John Peace Library, 1 UTSA Circle, San Antonio, TX 78249
Zoom link provided for remote attendees
We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity!
Please feel free to pass this information on to your peers and team members.
Please reply “ONSITE” if you plan on attending in person so we can finalize headcount for food and room attendance 😊
Presentations will include:
I. Presentation on API Lifecycle - Optiv
Review of the API lifecycle graphic, providing a baseline understanding of the API journey - Optiv
II. Securing APIs in the Cloud: Insights and Best Practices - Palo Alto
This presentation explores the current state of API security in the cloud, covering industry trends and common challenges organizations face. It delves into effective strategies for API discovery, risk profiling, and real-time protection, providing practical insights and best practices to enhance API security. The discussion will highlight key concerns such as inadequate authentication, lack of visibility, and poor endpoint management, aiming to equip attendees with the knowledge to better secure their API ecosystems.
III. API ThreatStats™ Report Q1 2024 Spotlight: Why API Security Is The First Thing For Enterprise AI - Wallarm
The Wallarm Research Team has analyzed billions of data points to identify the top API vulnerabilities and exploits for the 1st quarter of 2024, shining a spotlight on the rising threat of API attacks targeting AI applications. The report explores the top threats, identifies key trends, and provides actionable insights that can help you strengthen your API security program, with an emphasis on identifying and protecting your AI applications from API security issues.
IV. Salesforce Pen-testing - Rodney
Topic 2 - PaaS Cloud Goat is a simulated vulnerable Salesforce application providing hands-on experience with penetration testing of custom Salesforce applications. The tool is similar to other test tools like AWS CloudGoat, CloudFoxable, AzureGoat, GCPGoat, and Pen-Testing Cloud REST APIs in OpenStack. It is not, however, a tool for attacking Salesforce.com itself. It is novel because it focuses on custom applications deployed using the Salesforce platform and is the first tool to provide lab exercises with a collection of security tests. The main takeaways:
1. Hands-on learning opportunity of security tests for a custom Salesforce application
2. Detailed training documentation material about the underlying flaws to look for
3. Single consolidated list of common Salesforce application vulnerabilities