This presentation will start with the top risks APIs are vulnerable to and recent security incidents caused by API vulnerabilities. It continues with a walkthrough of FIS's new API security program initiative and the capabilities this program will be built upon to protect FIS APIs, followed by a demo of API exploitation.
This presentation will cover API exploitation, specifically 2 examples: abusing an API that is vulnerable to broken auth, leading to exposure of PII, and username harvesting. Beyond API exploitation, expect an overview of the tools leveraged to exploit and discover APIs, in addition to the tactics used by threat actors to discover APIs. Lastly, this presentation will cover stats around how exploitation of APIs has affected FIS directly.
Automating quality gates through the adoption of Policy-as-Code will provide a capability for FIS to enforce Policy, Controls and Guardrails in the SDLC that is integrated into our target CI/CD Delivery Platform so we can achieve our North Star of Continuous Production Deployment. We will discuss how this capability supports our strategic goal to deliver quality products faster.
An end-to-end pipeline demo, running from code commit to UAT deployment, that integrates various security and test tools and automates JIRA and SNOW ticket creation. Harness SEI captures DORA metrics for continuous improvement, and feature flags enable or disable features without redeploying.
A walk-through of Harness AI Developer Assistant (AIDA) and opportunities to reduce effort in areas such as Pipeline Error Analysis, Continuous Verification, Policy as Code Authoring, and Generating Reports.