December 5, 2024 - CNIT Forest Paris

API Security Day

Join us for a focused, one-day event dedicated to the critical topic of API security. Learn from industry leaders and discover the latest strategies and technologies to protect your APIs.

API Security Day is powered by APIDays

Learn from modern API security leaders

100,000+ attendees

CIOs, CTOs, CDOs, SVPs, VPs, Heads of Innovation, Heads of API, API Architects, Developers, Software Engineers, Infrastructure & Cloud Managers, IT Managers, Product Managers, Consultants & Analysts

10+ expert speakers

Our lineup features leading speakers from renowned companies, including Siemens Energy, Groupe BPCE, ABN AMRO, Capital One and others, who are at the forefront of API security.

Connect with fellow API security experts

Join a diverse group of cybersecurity experts, API product and platform leaders, and skilled developers as they come together to share their valuable insights and experiences on effectively protecting APIs. This conference is the perfect opportunity to expand your knowledge and network with the best in the field.

Explore the latest innovations in API Security

Discover cutting-edge tools, techniques, and best practices in API security through talks, panels and hands-on demonstrations. Stay ahead of the curve by learning about the latest advancements in the industry, from threat detection to compliance strategies. This is your chance to see how leading organizations are implementing innovative solutions to secure their APIs.

2024 Speaker Lineup

Corey Ball

Author & Sr. Manager - Penetration Testing
@ Moss Adams

Vincent Fély

API Security Lead
@ BPCE Solutions Informatiques

Akansha Shukla

Security Domain Expert
@ ABN AMRO NL

Antoine Carossio

CTO & Co-founder
@ Escape

Teresa Pereira

Threat Hunter
@ Siemens Energy

Régis Senet

Head of Cybersecurity
@ Shares

Damilola Ale

Frontend Engineer
@ Evolve Credit

Isabelle Mauny

Field CTO
@ WSO2

Desmond Lamptey

Lead Software Engineer
@ Capital One

Michał Trojanowski

Product Engineer
@ Curity

Kayssar Daher

Lead Security Engineer
@ GitGuardian

Marine du Mesnil

Head of Cybersecurity Tribe
@ Theodo

Carole Njoya

CISO, CEO Alcees,
Member of CEFCYS

Explore the 2024 Agenda

9:45 am
Welcome and Opening Remarks
10:00 am
The Ghost of APIs Past
Corey Ball
Author and Sr. Manager - Penetration Testing at Moss Adams
10:25 am
Scaling API Security
Antoine Carossio
CTO & Co-founder of Escape
11:10 am
API security in the age of AI
Vincent Fély
API Security Lead, BPCE Solutions Informatiques
11:35 am
Layered Approach of API Security Strategies and its Business Impact
Akansha Shukla
Security Domain Expert, ABN AMRO NL
12:00 pm
Panel: Implications of Generative AI for API Security
Marine du Mesnil
Head of Cybersecurity Tribe, Theodo
Vincent Fély
API Security Lead, BPCE Solutions Informatiques
Régis Senet
Head of Cybersecurity, Shares
12:30 pm
Lunch break
1:50 pm
Secure SDLC for Modern APIs
Kayssar Daher
Lead Security Engineer, GitGuardian
2:15 pm
3rd party services - Threat management
OAuth is a widely used authorization framework that enables third-party applications to access resources on behalf of a user. However, it has historically been difficult to meet very high security and interoperability requirements when using OAuth. Joseph has spent much of the last six years working to improve the state of the art and will present the latest developments in the field.

There are challenges when trying to achieve high security and interoperability with OAuth 2: There are many potential threats, some not part of the original OAuth threat model. For seamless authorizations, optionality must be minimized in OAuth itself and also in any extensions used.

Seven years ago, the IETF OAuth working group began work on the Security Best Current Practice document and more recently on OAuth 2.1. Meanwhile, the OpenID Foundation has created FAPI1 and FAPI2 security profiles. In this talk you will learn the focus of each document and when to use which. See how to achieve on-the-wire interoperability and security using techniques like asymmetric client authentication and sender-constraining via DPoP and MTLS. You'll leave understanding the benefits for implementers and the role of conformance testing tools.
Carole Njoya
CISO, CEO Alcees, Member of CEFCYS
2:40 pm
Introduction to Securing APIs: Best Practices for Frontend Developers
Damilola Ale
Frontend Engineer, Evolve Credit
3:05 pm
Military-Grade Security for APIs
Michał Trojanowski
Product Engineer, Curity
3:55 pm
Building A Security-Centric Developer Platform
Isabelle Mauny
Field CTO, WSO2
4:20 pm
Why We Should All Be API Hackers
Desmond Lamptey
Lead Software Engineer, Capital One
4:45 pm
Do not live in the Shadow (APIs)
Teresa Pereira
Threat Hunter, Siemens Energy
5:10 pm
Closing remarks
