Explore the hidden dangers of Shadow and Zombie APIs in this 22-minute conference talk from BSidesLV. Learn to understand, discover, and identify these potential security vulnerabilities that can expose private information or create unintended backdoors. Delve into the problem scope, classical solutions, and practical techniques for popular Web API frameworks like Express.js and SpringBoot using Interactive Application Security Testing. Discover methods to increase difficulty for adversaries and see a demonstration of an open-source tool designed to proactively bridge the gap between API specifications and actual exposures. Gain valuable insights from speaker Amit Srour on protecting your systems from these unexpected threats.
Preparing for the API Apocalypse - Exposing Shadow and Zombie APIs
Overview
Syllabus
Ground Floor, Tue, Aug 6, 17:00 - Tue, Aug 6, CDT
Taught by
BSidesLV
Related Courses
-
Hacking Arcade Cashless Systems: Vulnerabilities and Exploits
-
Blood in the Water: Preparing for the Feeding Frenzy - Cybersecurity Threats to US Water Systems
-
Building Your Own WHOIS Dataset for Reconnaissance
-
Threat Modeling at Scale: More Than Shifting Left
-
Security Pitfalls with Exec Commands in Software Integrations - A Quick Story
-
BOLABuster: Harnessing LLMs for Automating BOLA Detection
