1. Vendor Management: Assessing API Security Risks

Vendor Management: Assessing API Security Risks

Event ID: 2148308
Duration: Scheduled for 90 minutes including question and answer period.
Presenter: Gary Deutsch, CPA, president, BRT Publications, LLC
Credits: Live webinar approved for 1.5 NASBA credit hours (Management Services)

Vendor Management: Assessing API Security Risks

As outsourcing has continued to grow, so have risks. One of the outsourcing risks is related to “open banking” which is an emerging trend seen in financial technology (fintech) companies. This trend is based on using application programming interfaces (APIs) that enable third-party developers to build applications and services to connect with an institution’s systems and data. With APIs, retail banking customers can use third-party apps or other financial services that may not otherwise be offered by their own bank. Corporate customers expect to connect directly with their enterprise resource planning (ERP) or legacy systems in a secure, seamless and timely manner. They also expect institutions to provide for greater control overpayments. APIs can enable institutions to offer these capabilities. From this perspective, open banking is helping to refresh legacy systems to meet customer needs.

Before APIs were available, institutions relied on core “closed” systems to ensure security and data protection. However, as institutions incorporate third party vendor APIs as part of the open banking movement, data and application security have become more complex. Now that open banking and APIs are becoming the norm, vendor managers must include API security as part of their many important responsibilities.

The security risk is that hackers thrive on exploiting business logic ?aws in APIs. For instance, they perform repeated brute force attacks. They use wildcards in search fields to shut down APIs and applications. They screen APIs to find loopholes to extract sensitive customer and business data. These attacks are problematic because traditional web security measures cannot stop these attacks. Overall, APIs face numerous security threats and the security measures that institutions must take are specific to these programs.

Please join Gary Deutsch, as he provides participants with insight into the new and evolving API economy as well as methods to establish a risk assessment of vendors APIs to assist with your vendor management responsibilities. This approach will address risk issues such as the ones below.


  • What is an API?
  • Why banks are participating in the API economy
  • Types of API applications in the banking space
  • Understanding API threats and vulnerabilities
  • Identifying risk exposures and business impact
  • Understanding API risk mitigation best practices
  • Methods for conducting an API Risk Assessment
  • BankersWeb.com Quality Commitment

    BankersWeb, a division of CareerLearning, wants you to be satisfied with your webinar purchase. If this webinar does not meet your expectations, please email us at [email protected].