27 min listen
API Security (Shadow APIs) - Himanshu Dwivedi - ASW #181
API Security (Shadow APIs) - Himanshu Dwivedi - ASW #181
ratings:
Length:
36 minutes
Released:
Jan 24, 2022
Format:
Podcast episode
Description
It is hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day against flaws in code that receives little review. For example, a “dated trend” by effective yet lazy hackers is to search for APIs unknown by security teams, coined “Shadow APIs”, then connect to these APIs and extract data. SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean pay dirt or “move on to the next target”. Now the same can be said for Shadow API: Find, Connect, Extract. Himanshu will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button or a few lines of code in Python. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw181
Released:
Jan 24, 2022
Format:
Podcast episode
Titles in the series (100)
Google, Intel, Mozilla, and Starbucks - Application Security Weekly #00: In the Application Security News, Paul and Keith talk about impatient employers designing their own courses, measurable CPU differences in AWS from Intel CPU vulnerabilities, the CEO of Intel selling a gigantic amount of stock, and Starbucks Wi-Fi... by Application Security Weekly (Video)