46 min
12. API Security and FHIR Recommendations APIs Over IPAs
-
- Technologies
Alissa Knight, partner at Knight Inc Media, shares her insights into how to protect your APIs and what's in store with the latest version of FHIR.
Specifically, we cover:
• Avoid prison yellow and become an ethical hacker
• Authentication doesn’t equal authorization
• Protect against BOLA with scopes
• Don’t use WAFs to protect your APIs
• Know what traffic is going to your API
• Shift left security. Shield right.
• PHI is worth 1,000X credit card info
• APIs are the weakest link in healthcare
• APIs have multiple attack surfaces
• Banning apps from jail-broken phones doesn’t help
• Use MobSF to find API keys
• APIs need to comply with FHIR
• Implement FHIR correctly
• Get FHIR certified
• FHIR certification versus HIPAA compliance
• There’s no one right solution for API security
• Instrument your APIs
Alissa Knight, partner at Knight Inc Media, shares her insights into how to protect your APIs and what's in store with the latest version of FHIR.
Specifically, we cover:
• Avoid prison yellow and become an ethical hacker
• Authentication doesn’t equal authorization
• Protect against BOLA with scopes
• Don’t use WAFs to protect your APIs
• Know what traffic is going to your API
• Shift left security. Shield right.
• PHI is worth 1,000X credit card info
• APIs are the weakest link in healthcare
• APIs have multiple attack surfaces
• Banning apps from jail-broken phones doesn’t help
• Use MobSF to find API keys
• APIs need to comply with FHIR
• Implement FHIR correctly
• Get FHIR certified
• FHIR certification versus HIPAA compliance
• There’s no one right solution for API security
• Instrument your APIs
46 min