HITB-Invoice-Logo

thank you for joining us!

API Security Through External Attack Surface Management

Date

August 25, 2022

Time

10:30

Track

CommSec Track

It is hard to protect what you cannot see. So many times, organizations are not aware of all their assets, including APIs. They prepare to have their Internet-exposed application assessed during pentests but have to go through the drill of taking inventory of all the applications. This is a similar task for all external assets, and companies do not always know what they have exposed, which makes assessing and securing them difficult. Phillip Wylie discusses how to integrate APIs into External Attack Surface Management (EASM) to improve the security posture of external facing APIs.

Detailed Outline:

  • Defining Attack Surface Management (ASM)
  • Why Prioritize External Attack Surface Management (EASM)?
  • Discovering Attack Surface
  • API Pentesting & Tools
  • Addressing Gaps EASM

Speakers

Manager, Tech Evangelism & Enablement

CyCognito

Phillip is a cybersecurity professional and offensive security SME with over 18 years of experience, over half of his career in offensive security. During his offensive security career, he has worked in consulting and as an internal pentesting resource for companies in the financial and consumer product industries. Phillip’s offensive security includes penetration testing, application pentesting, and red teaming. He enjoys mentoring and educating others about pentesting during workshops at conferences and other events. His offensive security educator roles include community college adjunct instructor and curriculum and content creation. Phillip co-authored the book, “The Pentester Blueprint: Starting a Career as an Ethical Hacker” based on his conference talk on starting a career as a pentester and was featured in the “Tribe of Hackers: Red Team”. He is also a podcaster and the host of “The Hacker Factory Podcast”.

Other Talks in This Track

LOCATION

CommSec Track

DATE

August 25

TIME

11:00

LOCATION

CommSec Track

DATE

August 25

TIME

11:30

LOCATION

CommSec Track

DATE

August 25

TIME

14:00