ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "12. API Security and FHIR Recommendations"
Episode Synopsis
Alissa Knight, partner at Knight Inc Media, shares her insights into how to protect your APIs and what's in store with the latest version of FHIR.
Specifically, we cover:
• Avoid prison yellow and become an ethical hacker
• Authentication doesn’t equal authorization
• Protect against BOLA with scopes
• Don’t use WAFs to protect your APIs
• Know what traffic is going to your API
• Shift left security. Shield right.
• PHI is worth 1,000X credit card info
• APIs are the weakest link in healthcare
• APIs have multiple attack surfaces
• Banning apps from jail-broken phones doesn’t help
• Use MobSF to find API keys
• APIs need to comply with FHIR
• Implement FHIR correctly
• Get FHIR certified
• FHIR certification versus HIPAA compliance
• There’s no one right solution for API security
• Instrument your APIs
Specifically, we cover:
• Avoid prison yellow and become an ethical hacker
• Authentication doesn’t equal authorization
• Protect against BOLA with scopes
• Don’t use WAFs to protect your APIs
• Know what traffic is going to your API
• Shift left security. Shield right.
• PHI is worth 1,000X credit card info
• APIs are the weakest link in healthcare
• APIs have multiple attack surfaces
• Banning apps from jail-broken phones doesn’t help
• Use MobSF to find API keys
• APIs need to comply with FHIR
• Implement FHIR correctly
• Get FHIR certified
• FHIR certification versus HIPAA compliance
• There’s no one right solution for API security
• Instrument your APIs
More episodes of the podcast APIs Over IPAs
14. APIs for the Right Business Case
09/06/2022
13. Supporting 10 Million Developers
23/11/2021
In God we trust