Tuesday, September 29 • 11:10am - 11:50am
Web Application and API Security: The Latest Trends and Threats

As an overwhelming number of applications are created in or moved to the cloud, web application vulnerabilities are skyrocketing. This talk will dive into the latest web attack vectors and how you can protect your web applications and APIs. Some example areas that will be touched on are DDoS, XSS, CSP, SQL injection, HSTS and PKI.

A Content Delivery Network's vast insight into the full range of web attacks against both its customers and itself is unique, drawing on data from the delivery of hundreds of Gbps (gigabits per second) of static and dynamic web content. Web applications and APIs are the preferred targets of attackers these days, given the continued move of applications and APIs to the cloud as well as the damage that can be caused (password dumps, payment data theft, defacement, etc.).

The vast majority of developers gloss over security when building applications, instead trying to “bolt it on” after the fact “if their site gets popular”. There are far too many high-profile compromises that were the result of poor web application security. There are plenty of talks that dive into “desktop” and “behind the firewall” malware and vulnerabilities, but very few that target web exploits and attacks.

The talk will examine some traffic replays showing what the web attack looked like, what the attacker was targeting, and the technologies that were used to block the attack. Most developers have no idea what DDoS, XSS, CSP, HSTS, etc. are, but these are critical for the availability and security of a web application.

The talk will also cover some of the latest improvements in Web PKI (SSL/TLS) that a website should absolutely be using for its web stack. The PKI / TLS discussion is especially relevant given the continued turmoil around governments snooping on end-user traffic. There are few resources on the web about how you should configure SSL/TLS, and this talk will go over the proper setup to make sure web application end users are protected.

Sean Leach

VP of Product, Fastly
Sean is VP of Product at Fastly, where he is responsible for platform and product security as well as strategic product and technology direction and evangelism. He was previously VP, Technology for Verisign and CTO of name.com, a top 15 domain registration and web hosting company, as well as a Sr. Director at Neustar. His current research focus is on DNS, DDoS, web / network performance, Internet infrastructure and combating the massive Internet...

Tuesday September 29, 2015 11:10am - 11:50am
API World Main Stage