Over the last decade, APIs have opened up new worlds and allowed us to accomplish wildly complex tasks with just a few lines of code. They’ve made the extraordinary almost mundane. Unfortunately, poorly designed and implemented APIs have opened us up to vulnerabilities and attacks we never considered before. While Equifax is the biggest and one of the best known, odds are there are APIs within your systems that are just as bad, and you don’t even know it.

In this session, we’ll walk through a number of (now resolved!) vulnerabilities from production APIs, how they were found, and what you should watch for in your own APIs.


Eric Poe at 11:13 on 21 Apr 2018

Energetic, entertaining, & spooky. Unfortunately, this talk is always timely.

Marion Sartor at 11:24 on 21 Apr 2018

Wow! This talk will either teach or remind you of how personal information shared online is vulnerable to access by unauthorized and unauthenticated parties, and how it could potentially be used to our detriment.

Darren Wright at 11:54 on 21 Apr 2018

Good content and information to adhere to.

Daniel Kadosh at 14:22 on 21 Apr 2018

I'm really scared about possible misuses of our APIs that I had not considered. Mr. Danger is an energetic and passionate speaker, full of great anecdotes and general wisdom about security.

Eye opening. Gave me a lot of pause as I consider the things I've built and the decisions that were made.