FireTail presenting at the BlackHat open source Arsenal 2022 on Wednesday at 10am local time. Come learn more about our open source code library for real-time, inline API security checking.
Specifically, we'll be opening up our API security library as open source for the very first time. We will be joining a number of other research and cyber operations teams to share tools that we've built, based on our learnings.
We have spent the last several months building a database of API data breaches, and analyzing them to understand the attack vectors, vulnerabilities and TTPs that bad actors use against APIs. This has brought us to the same logical conclusion that Gartner and Akamai shared in their State of the Internet report, Volume 7, Issue 4 - API: The Attack Surface that Connects us All. That conclusion is:
We started FireTail with that statement in mind, combined with our own thesis around making it easy for any developer to build a more secure API. That's why we made FireTail for the developer, DevOps or DevSecOps team. It's lightweight, easy to adopt, easy to integrate into either new or existing applications. It does not require re-thinking your application logic, or changing anything about your data flows.
FireTail sits on top of popular open source frameworks for building web services and APIs, like OpenAPI/Swagger, Express and Rails, and then provides in-line security processing of the API calls. FireTail checks for (in sequential order):
1. API call is hitting valid route using a valid method. This allows for a zero-trust, declarative API structure, with proper error handling at the HTTP layer.
2. Inspection of authentication token. Does the API expect a JWT, application-issued API key or other? FireTail will check whether a valid token of the correct type is present.
3. Payload inspection. FireTail will look for and fail invalid queries.
Past companies and tools exhibited at the BlackHat Arsenal include open source tools that have become part of the everyday conversation for security practitioners.
See the details on FireTail's session at Blackhat Arsenal here.
Date: Wednesday, August 10 | 10:00am-11:30am ( Business Hall - Arsenal Station 3 )
And if you can't make it to BlackHat, don't worry. This time, what happens in Vegas won't stay in Vegas. We'll be able to post more after the conference. Stay tuned for more!
RSA is all about building bridges and connections.
Join FireTail virtually at API Secure 2023! Jeremy Snyder will share learnings from a decade of API data breaches, and discuss why FireTail takes a unique approach to API security