We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
SAINTCON 2023 - Corey Ball - Start Hacking APIs
Explore the urgent need for API security, uncovering common vulnerabilities, misconfigurations, and the importance of using the right tools and techniques to protect sensitive data from devastating attacks.
- The importance of API security and understanding attacker tactics
- APIs often have unpatched vulnerabilities and are a leading attack vector
- Versioning is a major problem for APIs, with older versions still available
- Look for Authorization and Authentication vulnerabilities
- Misconfigurations can lead to severe consequences, such as data breaches
- Use tools like Postman Collection Runner to automate requests and discover vulnerabilities
- Not all scanners are created equal, and some are better suited for API testing
- APIs should be tested for rate limiting and rate thrift
- Many organizations are still relying on generic scanners and not testing APIs specifically
- The importance of testing APIs with the right tools and techniques
- APIs can be a valuable resource or important sensitive data, and should be properly secured
- Many organizations are still neglecting API security
- The abuse of APIs can be devastating, and vulnerable APIs should be prioritized
- API security testing should be done regularly and with the right tools
- Many organizations are still not treating API security seriously
- The importance of having a layered defense and not relying solely on scanners