
Software Engineering Institute (SEI) Podcast Series
API Security: An Emerging Concern in Zero Trust Implementations
Oct 8, 2025
Join McKinley Sconiers-Hasan, a solutions engineer specializing in API security and zero trust at SEI CERT, as she dives into the critical concerns around API vulnerabilities. She discusses how common security issues expand the attack surface and explains the importance of protecting internal APIs under a zero trust approach. McKinley shares insights on avoiding pitfalls in API adoption, highlights the role of machine learning in enhancing API security, and emphasizes the need for rigorous monitoring of API communications.
AI Snips
APIs Are The Engine Of Internet Traffic
- APIs act as the connectors for most internet traffic, handling logins, machine-to-machine calls, and admin functions.
- Each API expects particular inputs and access patterns, which puts APIs at the center of both application behavior and the exposure an attacker can reach.
Limit Attack Surface And Cascading Failures
- Treat APIs as additional network attack surface and inventory them to reduce exposed entry points.
- Limit interdependencies between microservices; tightly coupled services let one failure cascade into others.
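An inventory is only useful if it is checked against what is actually exposed. The following added example (not code from the episode or from SEI) compares a constructed OpenAPI-style inventory with constructed access-log lines to surface "shadow" endpoints that receive traffic but appear in no inventory entry, plus inventoried endpoints that see no traffic and are candidates for retirement. The inventory shape, log format and sample traffic are all assumptions made for the demonstration.

```python
"""Compare an API inventory against observed traffic (added example, not from the episode)."""
import re
from collections import defaultdict

# Constructed inventory in the shape of an OpenAPI "paths" object
# (assumption: path templates mapped to their documented methods).
INVENTORY = {
    "/api/v1/users/{id}": ["GET", "DELETE"],
    "/api/v1/login": ["POST"],
    "/api/v1/orders": ["GET", "POST"],
}

# Constructed access-log lines in Common Log Format (hypothetical traffic).
ACCESS_LOG = """\
10.0.0.5 - - [08/Oct/2025:10:00:01 +0000] "GET /api/v1/users/42 HTTP/1.1" 200 512
10.0.0.7 - - [08/Oct/2025:10:00:02 +0000] "POST /api/v1/login HTTP/1.1" 200 128
203.0.113.9 - - [08/Oct/2025:10:00:03 +0000] "GET /api/v1/admin/export HTTP/1.1" 200 90210
10.0.0.5 - - [08/Oct/2025:10:00:04 +0000] "PUT /api/v1/users/42 HTTP/1.1" 200 64
10.0.0.9 - - [08/Oct/2025:10:00:05 +0000] "GET /api/v2/orders HTTP/1.1" 200 256
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
PARAM_SEGMENT = re.compile(r"^\{[^/]+\}$")


def path_matches(path, template):
    """True if a concrete path such as /api/v1/users/42 fits /api/v1/users/{id}."""
    p_segs = path.split("?")[0].strip("/").split("/")
    t_segs = template.strip("/").split("/")
    if len(p_segs) != len(t_segs):
        return False
    return all(PARAM_SEGMENT.match(t) or p == t for p, t in zip(p_segs, t_segs))


def parse_log(log_text):
    """Yield (method, path) pairs observed in the access log."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("method"), m.group("path")


def classify(inventory, log_text):
    """Split observed traffic into inventoried and shadow (undocumented) endpoints.

    Returns (inventoried, shadow): dicts of (method, template-or-path) -> hit count.
    A shadow endpoint is any method+path that matches no inventory entry; that is
    the exposed surface an inventory review is meant to find.
    """
    inventoried = defaultdict(int)
    shadow = defaultdict(int)
    for method, path in parse_log(log_text):
        for template, methods in inventory.items():
            if path_matches(path, template):
                if method in methods:
                    inventoried[(method, template)] += 1
                else:
                    # Known path but undocumented method: still unexpected surface.
                    shadow[(method, template)] += 1
                break
        else:
            shadow[(method, path)] += 1
    return dict(inventoried), dict(shadow)


def unused_inventory(inventory, inventoried):
    """Inventory entries with no observed traffic: candidates to retire."""
    return sorted(
        (m, t) for t, methods in inventory.items() for m in methods
        if (m, t) not in inventoried
    )


if __name__ == "__main__":
    seen, shadow = classify(INVENTORY, ACCESS_LOG)
    print("shadow endpoints:", shadow)
    print("unused inventory:", unused_inventory(INVENTORY, seen))
```

Run against real data, the inventory would come from an API gateway or OpenAPI documents and the log from the gateway or load balancer; the point is that each shadow entry is an entry point nobody has threat-modeled, and each unused entry is surface that can be removed.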
Zero Trust Naturally Includes APIs
- Zero Trust treats internal network segments with the same scrutiny as the perimeter, which maps naturally to protecting APIs.
- Securing internal and public-facing APIs aligns with Zero Trust's principle of continuous verification.
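Continuous verification for an internal API means the service checks the caller's credential on every request instead of trusting the source network. The following added example (not code from the episode or from SEI) contrasts a perimeter-style check that trusts anything from a private address range with a zero-trust check that verifies a signed, audience-bound, expiring token regardless of where the call originates. The token format, the symmetric HMAC key, the scope names and the sample requests are assumptions made for the demonstration; a real deployment would use an identity provider and asymmetric keys so one service cannot mint tokens for another.

```python
"""Perimeter-style vs zero-trust authorization of an internal API call (added example)."""
import base64
import hashlib
import hmac
import ipaddress
import json
import time

# Constructed signing key shared by the token issuer and the verifying service
# (assumption: symmetric HMAC for brevity; production would use an IdP's asymmetric key).
SIGNING_KEY = b"constructed-demo-key-do-not-use"
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
EXPECTED_AUDIENCE = "orders-api"  # hypothetical service name


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, audience, scopes, ttl=300, now=None):
    """Mint a compact HMAC-signed token (payload.signature), a stand-in for a JWT."""
    now = time.time() if now is None else now
    payload = {"sub": subject, "aud": audience, "scp": scopes, "exp": now + ttl}
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token, audience, now=None):
    """Return the payload if signature, expiry and audience all check out, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        payload = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if payload.get("aud") != audience or payload.get("exp", 0) <= now:
        return None
    return payload


def perimeter_authorize(request):
    """Perimeter model: anything arriving from the internal network is trusted."""
    return ipaddress.ip_address(request["src_ip"]) in INTERNAL_NET


def zero_trust_authorize(request, required_scope, now=None):
    """Zero-trust model: verify the caller's token on every call, whatever the source IP."""
    payload = verify_token(request.get("token", ""), EXPECTED_AUDIENCE, now=now)
    return payload is not None and required_scope in payload.get("scp", [])


if __name__ == "__main__":
    # Constructed internal call with no credential, e.g. from a compromised workload.
    anonymous_internal = {"src_ip": "10.0.3.4", "method": "DELETE", "path": "/orders/7"}
    authenticated = dict(anonymous_internal,
                         token=issue_token("billing-svc", "orders-api", ["orders:write"]))
    print("perimeter admits anonymous internal call:", perimeter_authorize(anonymous_internal))
    print("zero trust admits anonymous internal call:",
          zero_trust_authorize(anonymous_internal, "orders:write"))
    print("zero trust admits authenticated call:",
          zero_trust_authorize(authenticated, "orders:write"))
```

The audience check is what keeps a token issued for one internal service from being replayed against another, and the expiry bound limits how long a stolen token stays useful; both are checks a perimeter model never performs because it never looks past the source address.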
