Uploaded byteamrapifuzz
PPTX, PDF55 views

API Days October Bangalore Presentation 2025

API Days Presentation

Download to read offline
Practical Implementation and Automation of APISBOMs
SBOM General inventory of all software components, libraries, packages, and dependencies Covers entire software systems Focus on code components only Used in traditional software supply chain risk management Typical fields: APISBOM SBOM specialized for API Inventory only Includes API metadata like version, owner, endpoints Used for API Security and API Supply Chain V/S • API name and version • API endpoint list • Which components are used in which endpoints • API-specific build & release info • API Methods Used • API security posture and vulnerability mapping Additional fields (on top of SBO M ): • Component name, version, supplier • License type • Checksums (hashes) • Known vulnerabilities (CVEs)
API version Detailed inventory of API-SBOM Stands for API Software Bill of Materials. All APIs in the application API OEM (Custom / Commercial / Open Source) API Vulnerability API license API Checksum
Visibility & Inventory • Central catalog of APIs • Versions, dependencies & ownership Security & Risk Management • Vulnerability & open-source risk mapping • Prioritized API risk assessment Operational Resilience • Faster incident response & RCA • Supports Zero Trust enforcement Automation & Integration • Automated testing & CI/CD security • Baseline for API health/SLA Continuous Posture Improvement • Living, evolving API inventory • Ongoing security posture enhancement API-SBOM Pillars Compliance & Governance • Licensing & regulatory tracking • Ownership clarity & audit trails
Core SBOM Standards CycloneDX SWID (Software Identification Tags) SPDX (Software Package Data Exchange)
API Specific Standards OpenAPI AsyncAPI GraphQL
APISBOM Emerging Concepts API Dependency Graph Cross-Organization API Provenance Tracking Machine-Readable Policy Enforcement Zero-Trust Readiness Metadata Immutable, Signed SBOM Snapshots Version Drift Detection Data Sensitivity & Regulatory Annotation CI/CD Pipeline Integration Runtime API SBOM Generation Security Posture Enrichment
Benefits Challenges V/S Comprehensive Visibility Improved Security Posture Regulatory & License Compliance Faster Incident Response Supports risk prioritization & governance Continuous Maintenance Overhead Tooling & Integration Gaps Complexity of Data Collection Lack of Standardization Organizational Adoption Resistance
Enabling organizations to easily deploy cyber security solutions and enhance their cyber security posture” VISION & MISSION What Guides Us.. “Making Security Simple”
We are product innovators and have four (4) indigenously created cyber security products to address areas of: Application Security Cyber-Resilience Cyber Training Cyber Incident Management Empowering Cyber Resilience
Team Strength 120+ Trusted Since 2022 Cyber Products 4 About Us
Thank You!

More Related Content

PDF
Software Bill of Materials (SBOM): what you as a developer need to know by Kr...
byDevClub_lv
 
PPTX
SBOMming up the pieces.pptx
byKaushal Parikh
 
PPTX
Generating SBOMS FROM FOSS_(Detecting OSS licences)
byThierry Gayet
 
PDF
Software+Bill+of+Materials+Starter+Guide (1).pdf
bykedofef453
 
PPTX
Software Composition Analysis: The New Armor for Your Cybersecurity
byAggregage
 
PDF
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
byICS
 
PDF
PIRATEs of the Software Supply Chain.pdf
byTAURUSEER
 
PDF
Understanding SBOMs: An Introduction to Modern Development
byAnchore
 
Software Bill of Materials (SBOM): what you as a developer need to know by Kr...
byDevClub_lv
 
SBOMming up the pieces.pptx
byKaushal Parikh
 
Generating SBOMS FROM FOSS_(Detecting OSS licences)
byThierry Gayet
 
Software+Bill+of+Materials+Starter+Guide (1).pdf
bykedofef453
 
Software Composition Analysis: The New Armor for Your Cybersecurity
byAggregage
 
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
byICS
 
PIRATEs of the Software Supply Chain.pdf
byTAURUSEER
 
Understanding SBOMs: An Introduction to Modern Development
byAnchore
 

Similar to API Days October Bangalore Presentation 2025

PDF
How SBOMs Protect Google's Massive Software Supply Chain
byAnchore
 
PDF
Industry Insights Common Pitfalls and Key Considerations in Using Software Bi...
bySZ Lin
 
PDF
(English) XSCAN 브로슈어_Redpensfot 엑스스캔.pdf
byredpensoft
 
PDF
Establish Visibility and Manage Risk in the Supply Chain with Anchore SBOM
byAnchore
 
PDF
SBOM, Is It 42?
byBill Bensing
 
PPTX
What It Takes to Build API Integrations
byNordic APIs
 
PPTX
OpenChain Webinar #50 - An Overview of SPDX 3.0
byShane Coughlan
 
PPTX
Why Building Your Ship (Application) with Raw Materials is a Bad Idea!.pptx
byJamie Coleman
 
PDF
stackconf 2025 | From SBOM to Software Architecture Documentation by Philip A...
byNETWAYS
 
PDF
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
bysparkfabrik
 
PDF
SIH2023_CodeBreachers_PPT_GSMCOEJJKKJ.pdf
byyetar41947
 
PDF
Apidays Paris 2023 - Building an Inventory, Maria Teresa Pereira, KPMG Portugal
byapidays
 
PDF
Preventing Supply Chain Attacks on Open Source Software
byAll Things Open
 
PDF
What is the Secure Supply Chain and the Current State of the PHP Ecosystem
bysparkfabrik
 
PPTX
Key Takeaways for Java Developers from the State of the Software Supply Chain...
bySteve Poole
 
PDF
Webinar: How to Identify and Tackle SBOM Sprawl
byAnchore
 
PDF
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
byPriyanka Aash
 
PDF
Best practices for API Integration - Bearer.sh
byGuillaume Montard
 
PDF
Improving the software integration with the use of REST API
byIlya Beketov
 
PPTX
Why z/OS is a great platform for developing and hosting APIs
byTeodoro Cipresso
 
How SBOMs Protect Google's Massive Software Supply Chain
byAnchore
 
Industry Insights Common Pitfalls and Key Considerations in Using Software Bi...
bySZ Lin
 
(English) XSCAN 브로슈어_Redpensfot 엑스스캔.pdf
byredpensoft
 
Establish Visibility and Manage Risk in the Supply Chain with Anchore SBOM
byAnchore
 
SBOM, Is It 42?
byBill Bensing
 
What It Takes to Build API Integrations
byNordic APIs
 
OpenChain Webinar #50 - An Overview of SPDX 3.0
byShane Coughlan
 
Why Building Your Ship (Application) with Raw Materials is a Bad Idea!.pptx
byJamie Coleman
 
stackconf 2025 | From SBOM to Software Architecture Documentation by Philip A...
byNETWAYS
 
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
bysparkfabrik
 
SIH2023_CodeBreachers_PPT_GSMCOEJJKKJ.pdf
byyetar41947
 
Apidays Paris 2023 - Building an Inventory, Maria Teresa Pereira, KPMG Portugal
byapidays
 
Preventing Supply Chain Attacks on Open Source Software
byAll Things Open
 
What is the Secure Supply Chain and the Current State of the PHP Ecosystem
bysparkfabrik
 
Key Takeaways for Java Developers from the State of the Software Supply Chain...
bySteve Poole
 
Webinar: How to Identify and Tackle SBOM Sprawl
byAnchore
 
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
byPriyanka Aash
 
Best practices for API Integration - Bearer.sh
byGuillaume Montard
 
Improving the software integration with the use of REST API
byIlya Beketov
 
Why z/OS is a great platform for developing and hosting APIs
byTeodoro Cipresso
 

Recently uploaded

PDF
Booklet Research and Technology Transfer BINUS University
byBinusResearch
 
PPTX
Paul McManis - My India Our India.pptx india
bymcmanispaul3
 
PPTX
Chemeical +Environmental Awarness Trg.pptx
byserdagzy
 
PDF
_Scale Your U.S. Audience on Twitter — Strategy + Execution.pdf
bymarketing
 
DOCX
11 Top Sites To Buy Verified Chime Bank Accounts (Aged.docx
bymarketing
 
PDF
APEC Workshop - KAHIS - Michael Lesniak - Final.pdf
byMichael Lesniak
 
PPTX
Cloud Computing Odedara Manav B. 23bit289d
byManavOdedara
 
PPTX
My slide on how adaptability has helped me throughout my life.
byClementineFlahault
 
PPTX
Roman_Residential_Architecture_b.arch.pptx
bychirayu8105
 
PDF
The Time Has Come: Roarsome Learning, Thinking, Reflecting and Acting - Sheil...
byWellingtone
 
PDF
STW_1_2_Audience_Types .pdf
bybajurajera
 
PPTX
The Case for Neighborhood Reinvention in Kuwait 2.pptx
bydhuhaalsafii
 
PPTX
RESEARCH ABOUT PHILIPPINE LITERARY PERIODS
byDJFlores1
 
PPTX
Cybersecurity Threats and Prevention Odedara Manav
byManavOdedara
 
PPTX
2025-11-09 Moses 06 (shared slides).pptx
byDale Wells
 
PDF
250923 Meeting 1 - Descriptive Text grade 11
byarsipkusemester4
 
PPTX
THE IMPORTANCE OF PEACE- Values Education.pptx
bydaisyabonita2
 
Booklet Research and Technology Transfer BINUS University
byBinusResearch
 
Paul McManis - My India Our India.pptx india
bymcmanispaul3
 
Chemeical +Environmental Awarness Trg.pptx
byserdagzy
 
_Scale Your U.S. Audience on Twitter — Strategy + Execution.pdf
bymarketing
 
11 Top Sites To Buy Verified Chime Bank Accounts (Aged.docx
bymarketing
 
APEC Workshop - KAHIS - Michael Lesniak - Final.pdf
byMichael Lesniak
 
Cloud Computing Odedara Manav B. 23bit289d
byManavOdedara
 
My slide on how adaptability has helped me throughout my life.
byClementineFlahault
 
Roman_Residential_Architecture_b.arch.pptx
bychirayu8105
 
The Time Has Come: Roarsome Learning, Thinking, Reflecting and Acting - Sheil...
byWellingtone
 
STW_1_2_Audience_Types .pdf
bybajurajera
 
The Case for Neighborhood Reinvention in Kuwait 2.pptx
bydhuhaalsafii
 
RESEARCH ABOUT PHILIPPINE LITERARY PERIODS
byDJFlores1
 
Cybersecurity Threats and Prevention Odedara Manav
byManavOdedara
 
2025-11-09 Moses 06 (shared slides).pptx
byDale Wells
 
250923 Meeting 1 - Descriptive Text grade 11
byarsipkusemester4
 
THE IMPORTANCE OF PEACE- Values Education.pptx
bydaisyabonita2
 

API Days October Bangalore Presentation 2025

  • 2.
  • 3.
    SBOM General inventory ofall software components, libraries, packages, and dependencies Covers entire software systems Focus on code components only Used in traditional software supply chain risk management Typical fields: APISBOM SBOM specialized for API Inventory only Includes API metadata like version, owner, endpoints Used for API Security and API Supply Chain V/S • API name and version • API endpoint list • Which components are used in which endpoints • API-specific build & release info • API Methods Used • API security posture and vulnerability mapping Additional fields (on top of SBO M ): • Component name, version, supplier • License type • Checksums (hashes) • Known vulnerabilities (CVEs)
  • 4.
    API version Detailed inventory of API-SBOM Standsfor API Software Bill of Materials. All APIs in the application API OEM (Custom / Commercial / Open Source) API Vulnerability API license API Checksum
  • 5.
    Visibility & Inventory •Central catalog of APIs • Versions, dependencies & ownership Security & Risk Management • Vulnerability & open-source risk mapping • Prioritized API risk assessment Operational Resilience • Faster incident response & RCA • Supports Zero Trust enforcement Automation & Integration • Automated testing & CI/CD security • Baseline for API health/SLA Continuous Posture Improvement • Living, evolving API inventory • Ongoing security posture enhancement API-SBOM Pillars Compliance & Governance • Licensing & regulatory tracking • Ownership clarity & audit trails
  • 6.
    Core SBOM Standards CycloneDX SWID (SoftwareIdentification Tags) SPDX (Software Package Data Exchange)
  • 7.
  • 8.
    APISBOM Emerging Concepts API Dependency Graph Cross-OrganizationAPI Provenance Tracking Machine-Readable Policy Enforcement Zero-Trust Readiness Metadata Immutable, Signed SBOM Snapshots Version Drift Detection Data Sensitivity & Regulatory Annotation CI/CD Pipeline Integration Runtime API SBOM Generation Security Posture Enrichment
  • 9.
    Benefits Challenges V/S Comprehensive Visibility ImprovedSecurity Posture Regulatory & License Compliance Faster Incident Response Supports risk prioritization & governance Continuous Maintenance Overhead Tooling & Integration Gaps Complexity of Data Collection Lack of Standardization Organizational Adoption Resistance
  • 10.
    Enabling organizations toeasily deploy cyber security solutions and enhance their cyber security posture” VISION & MISSION What Guides Us.. “Making Security Simple”
  • 11.
    We are productinnovators and have four (4) indigenously created cyber security products to address areas of: Application Security Cyber-Resilience Cyber Training Cyber Incident Management Empowering Cyber Resilience
  • 12.
  • 13.

Editor's Notes

  • #6 Cyclone DX - SBOM Generation, Vulnerability Management, License Compliance, Software Supply Chain Risk Management:, API and Service Transparency by supporting API SBOMs describing dependencies and integrations of APIs and microservices). SWID- Software Inventory Management: , License Compliance, Security & Vulnerability Management, Automation & Configuration Management: SPDX- License Compliance, SBOM Representation, Vulnerability Management, Supply Chain Documentation
  • #9 Benefits Central inventory of all APIs, versions, endpoints, and dependencies Proactively identify vulnerable or outdated APIs Quickly trace affected APIs during security incidents Meet compliance audits with ownership/licensing data Better decisions on API lifecycle and security Challenges Hard to gather accurate API details across teams/environments No universally accepted API-specific SBOM format Most SBOM tools are package-focused, not API-aware Frequent updates needed as APIs change fast Teams may resist due to perceived extra work