Over the last decade, APIs have opened up new worlds and allowed us to accomplish wildly complex tasks with just a few lines of code. They’ve made the extraordinary almost mundane. Unfortunately, poorly designed and implemented APIs have opened us up to vulnerabilities and attacks we never considered before. While Equifax is the biggest and one of the best-known examples, odds are there are APIs within your systems that are just as bad, but you don’t even know it.
In this session, we’ll walk through a number of (now resolved!) vulnerabilities from production APIs, how they were found, and what you should watch for in your own APIs.