Today's modern apps are increasingly moving towards richer experiences on the client as Windows Phone and Windows 8 apps become increasingly popular. Far from being the rich client apps of yore, today's modern client apps are highly interactive with back end services and there's no better way to deliver these than via Web API._x000D_ The web poses all sorts of online threats which put not just our browser based apps at risk, but those consuming from web services as well. This includes everything from the threats posed by a man in the middle to weaknesses in authentication and authorisation schemes. What's more, the risks tend to be more out of sight in the API world as they're not as highly visible as websites loaded in the browser. But make no mistake, cyber attackers can easily sniff out insecure API implementations and many of them are being readily exploited._x000D_ This session introduces attendees to the security paradigms available to them in Web API and consumable through Windows Phone and Windows 8 apps. It provides them with essential knowledge to ensure that the server interactivity provided to them within this new rich client world is properly secured at various levels as the principles of 'defence in depth' are applied.