Bio
Dmitry Sotnikov serves as Vice President of Cloud Platform at 42Crunch – an enterprise API security company – and also maintains APISecurity.io, a popular community site with daily API Security news and weekly newsletter on API vulnerabilities, breaches, standards, best practices, regulations, and tools. Dmitry has more than two decades of experience in enterprise IT software and cloud computing – holding executive positions with companies such as WSO2, Jelastic and Quest Software.
Presentation
When APIs are IoT's Weakest Link: Security Horror Stories
IoT systems can affect our physical safety and thus have to be secure by design. However, modern-day IoT systems include a lot more than the devices and physical equipment themselves. They increasingly are made of devices, cloud services, mobile and web applications, and APIs putting them all together. These intercomponent API calls typically happen on public networks.
By definition, APIs are available for discovery, remote calls, and scripted mass invocations by rogue actors. This makes proper API security design, validation, testing, and enforcement critical.
In this session we’ll discuss:
- The treat unsecured APIs bring to IoT
- Real-world API breaches including GPS watches, e-scooters, smart buildings, and cars
- Ways to mitigate risk with modern API security design best practices
Back
To the speakers page