
Given that web applications are the main entry point for breaches, as found in Verizon’s 2024 DBIR, securing those applications and APIs is more critical than ever. That’s why, in this edition of the Cyber Risk Series, we’ll dive into application security. We’ll discuss the latest web application and API security trends, confront emerging threats, and uncover advanced techniques to stay ahead.
APIs are also increasingly becoming a target for sophisticated attacks, so this series will highlight practical strategies to protect these essential connectors that underpin modern applications. From navigating hybrid and multi-cloud environments to integrating AI and embracing DevSecOps, our discussions will address the real-world challenges of modern application security while emphasizing the critical role of API security.
Key topics:
- Emerging Threats and Advanced Attacks on Applications and APIs
- Securing APIs: The Silent Risk
- User Privacy & Compliance: PCI, GDPR, CCPA, and Beyond
- Security in the Software Supply Chain
March 12, 2025
9:00 AM – 12:30 PM PT
Don’t miss the opportunity to learn from industry experts. Register now.
Featuring

Mike Shema
Product Security, Block, Inc.
Host, Application Security Weekly

Katie Norton
Research Manager, DevSecOps & Software Supply Chain
IDC

Corey J. Ball
Author, Hacking APIs
Founder & CEO, hAPI Labs

Robert Hansen
Managing Director, Grossman Ventures
Host, The RSnake Show

Jerry Hoff
CEO, Maru Security
Former Executive Information Security Officer, Sony Electronics

Dilip Bachwani
CTO
Qualys

Asma Zubair
Director, Product Management, AppSec, API & Web App Security
Qualys
Agenda
9:00 AM PT
AppSec in 2025: Navigating Risks, Threats, and Innovation
Mike Shema kicks off the Cyber Risk Series: AppSec Edition with an insightful look at the evolving application security landscape. He’ll outline key challenges, emerging threats, and strategies shaping AppSec today.

Mike Shema
Product Security, Block, Inc.
Host, Application Security Weekly
9:15 AM PT
Bringing It All Together: What Industry Data Says about Securing APIs
APIs power the digital experiences that customers and partners increasingly expect, yet their rapid growth and expanding threat landscape pose urgent security challenges that no organization can afford to overlook. In this data-driven presentation, Katie Norton, an industry analyst at IDC, explores the rapidly evolving landscape of API security and why it has become a critical priority for modern organizations. Drawing on IDC research and real-world breach examples, she will highlight the expansive role of APIs in connecting systems, fueling innovation, and shaping user experiences—while also expanding the potential attack surface for malicious actors. She also will examine how emerging trends such as generative AI and AI agents transform the threat landscape by introducing new complexities. Finally, she will underscore the importance of a holistic, end-to-end security strategy—spanning tool convergence, DevSecOps practices, and a robust security culture—to ensure that businesses not only comply with evolving regulations but also thrive in an increasingly connected digital world.

Katie Norton
Research Manager, DevSecOps & Software Supply Chain
IDC
9:45 AM PT
API Security: Beyond The Scan
Many organizations rely on vulnerability management tools that do not scan for API vulnerabilities effectively. Using data from breaches, industry reports, and his own experience, Corey will make the case for a holistic approach to API security. APIs must be tested for insecure authorization, authentication, and trust boundary weaknesses. To ensure comprehensive testing in these areas, Corey will provide practical guidance for API security testing.

Corey J. Ball
Author, Hacking APIs
Founder & CEO, hAPI Labs
10:15 AM PT
At the Risk of CVE
We know CVEs are in everything – VM programs, red teams, asset management, compliance mandates, etc. But they are not well understood, and many nuances have made them difficult and cumbersome to use. RSnake will do a deep dive into the issues and, hopefully, shed new light on the thing we all use and will likely use for a very long time.

Robert Hansen
Managing Director, Grossman Ventures
Host, The RSnake Show
10:45 AM PT
The Breaking Point: Can Security Keep Up with the Web’s Accelerating Complexity?
The field of application security is evolving at an unprecedented rate. Modern browsers have become full-fledged execution environments with rapidly expanding capabilities. JavaScript continues to grow in scope, enabling more complex applications while simultaneously introducing new attack vectors. Traditional security controls are increasingly being bypassed by emerging protocols and evolving exploitation techniques.
At the same time, artificial intelligence is reshaping the software development lifecycle by accelerating code generation, automating workflows, and increasing deployment velocity. This surge in automation is driving exponential growth in applications and functionality, but it is also expanding and diversifying the attack surface. Security measures that were once effective are now struggling to keep pace with the speed and complexity of modern development environments.
Automation is no longer optional; it is a fundamental requirement for securing applications at scale. Security teams must rethink their approach to stay ahead of emerging threats. This talk will examine the evolution of attacker techniques in response to increasing browser capabilities, the security challenges posed by AI-driven code proliferation, the next phase of application security, and the necessity of automation in securing evolving architectures.

Jerry Hoff
CEO, Maru Security
Former Executive Information Security Officer, Sony Electronics
11:15 AM PT
Securing APIs at Scale: How Qualys Secures Its Own Stack
Discover how Qualys’ engineering team secures its own APIs using Qualys TotalAppSec. The Qualys CTO shares real-world insights on leveraging continuous security testing, risk-based prioritization, and automation to safeguard APIs at scale, ensuring resilience and compliance while accelerating innovation. Learn best practices you can apply to secure your applications.

Dilip Bachwani
CTO
Qualys
11:35 AM PT
Unlocking API Security: Security Strategies and Best Practices for a Secure Digital Future
In today’s interconnected world, ensuring the security of APIs is crucial for safeguarding sensitive data and maintaining system integrity. This session will explore various approaches to API security, diving into their benefits and potential drawbacks, providing a balanced view to help you make informed decisions for your security strategy.
Additionally, Asma will cover selecting the right API security testing tool for your organization to protect your digital ecosystem. Whether you’re a security specialist, information security leader, or developer, this webinar will equip you with the knowledge needed to enhance your API security strategy effectively.

Asma Zubair
Director, Product Management, AppSec, API & Web App Security
Qualys