How Ethical Hacking Tricks Can Protect Your APIs and Apps

TNS host Heather Joslyn sits down with Ron Masas to discuss trade-offs when it comes to creating fast, secure applications and APIs. He notes a common issue of neglecting documentation and validation, leading to vulnerabilities. Weak authorization is a recurring problem, with instances where changing an invoice ID could expose another user's data.

Masas, an ethical hacker, highlights the risk posed by "zombie" APIs—applications that have become disused but remain potential targets. He suggests investigating frameworks, checking default configurations, and maintaining robust logging to enhance security. Collaboration between developers and security teams is crucial, with "security champions" in development teams and nuanced communication about vulnerabilities from security teams being essential elements for robust cybersecurity.

For further details, the podcast discusses case studies involving TikTok and Digital Ocean, Masas's views on AI and development, and anticipated security challenges.

Learn more from The New Stack about Imperva and API security:

What Developers Need to Know about Business Logic Attacks

Why Your APIs Aren’t Safe — and What to Do about It

The Limits of Shift-Left: What’s Next for Developer Security

Join our community of newsletter subscribers to stay on top of the news and at the top of your game.