Podcast

API Security: The good, the bad and the ugly

Delve into API security with Akto's co-founder Ankita Gupta and experts in this enlightening bi-weekly podcast. Get insights, trends, and best practices for API enthusiasts, developers, and security pros. Stay ahead in API security.

Sep 1, 2023

Ep 2: Ashwani Mahajan from SoFi explores critical security practices for API security

Summary

API Security: the good, the bad, the ugly. This time with Ankita Gupta & Ashwani Mahajan. 

Join Ankita Gupta, founder of Akto, as she hosts Ashwani Mahajan, a seasoned application security engineer from SoFi, a leading fintech firm. This episode is a deep dive into the realm of API security and the critical elements to keep in mind before rolling out into production. 

For additional resources, check out this webinar by Akto on API Security in DevSecOps.

Episode Notes

Some Key Takeaways:

Communication is King: Ashwani highlights the indispensability of seamless communication with stakeholders. Aligning with the code warriors, the engineering teams, is the first step to an integrated security approach. 

Know Your APIs: An inventory that maps out all existing APIs and those in the pipeline is foundational. Keeping an eye on third-party services integration is equally pivotal. 

Tooling Matters: For holistic API security, investing in top-notch tools that detect intricate attacks and spot security misconfigurations is essential. 

Talk to Your Developers: Beyond just tools, Ashwani underscores the essence of nurturing a symbiotic relationship with developers: education, resources, documentation, and a constructive feedback loop are the cornerstones.

Act, Analyze & Amend: The discovery of a vulnerability is just the beginning. Grading its severity and acting accordingly is crucial. Post-remediation analysis helps understand the 'how' and 'why' of the breach, preventing future lapses. 

Developer's Toolkit: From the nitty-gritty of authentication and authorization to the vital aspects of input validation and sanitization, Ashwani shares pro-tips for developers. 

Third-party API Security: The world of third-party APIs presents its own set of challenges. The key is to comprehend their integration purpose, be well-acquainted with their docs, keep tabs on data-sharing protocols, and always ensure updated encryption and dependencies.

Golden Advice for Newbies: To budding security engineers, Ashwani’s wisdom? Immerse yourself in the business. A keen understanding of the company's heart and soul—its operations and services—sets the stage for a foolproof security strategy.