During the months of May and June, the Enterprise Security Architecture Focus Group organized two consecutive instructive webinars on API Security, each approached from a different angle. Alongside DevOps, application containers and microservices, APIs are key enablers of the digital transformation of our enterprises.
The first webinar covered the ‘Common pitfalls and recent evolutions in API security’ and was presented by Philippe De Ryck (pragmaticwebsecurity), an internationally recognized web security expert, trainer, and speaker.
Philippe gave us an in-depth technical lecture on the best practices for API security, highlighting common API vulnerabilities, current best practices for API authentication and authorization, and the recent evolutions in the API landscape. The content was based on his conference talks “Common API security pitfalls” and “Recent evolutions in the OAuth 2.0 and OpenID Connect landscape”, both of which fed an interactive Q&A during our group session.
After Philippe's deep dive, the second webinar focused on the API security architecture and strategy at ING. Patrice Krakow, lead architect of the API platform at ING Belgium, clarified how API security is managed at ING, with an emphasis on the applied architecture development method. The purpose of his webinar was to drive group interaction, allowing each member to learn from the insights and practices of others in the field of APIs.