Back To Schedule
Tuesday, October 8 • 2:00pm - 2:50pm
PRO WORKSHOP (API): Your APIs May Be Leaking Data, Learn How to Stop It

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
APIs are the visible backbone of any application; it’s where all the data and requests get processed. As a result, the API layer exposes a very large surface area for attacks - as evident in the latest hacks against Google+, Facebook and many others. Hackers are now targeting API-specific vulnerabilities and most companies do not even know that their APIs are leaking data. While technical security vulnerabilities, like SQL injection and cross-site scripting (XSS), are the most widely known flaws stemming from coding errors, the vast majority of API attacks exploit access control and business logic vulnerabilities that cannot be detected with SAST and DAST vulnerability scanning solutions. In this session, you will learn about the best practices to identify, track and fix role-based and attribute-based access control (RBAC & ABAC) vulnerabilities that allow users to accumulate excess permissions granting them unauthorized access to otherwise secure API endpoints and resources. You will also learn about business logic flaws that allow hackers to manipulate legitimate API calls to steal data and interfere with business functions. Such vulnerabilities have contributed to the vast majority of API attacks (including Google+, Facebook, Citi and T-Mobile) and could cost companies extremely high fines for breaching GDPR and other regulatory guidelines.

API World 2019 Speakers
avatar for Intesar Mohammed

Intesar Mohammed

CTO & Co-Founder FX Labs, Inc. API Cybersecurity Startup, FX Labs, Inc.
Intesar Shannan  Mohammed is a serial entrepreneur with extensive experience in API security,  cloud orchestration, and container management. He is currently the CTO &  co-founder of FX Labs, an API cybersecurity company that allows enterprises  to detect and remediate vulnerabilities... Read More →

Tuesday October 8, 2019 2:00pm - 2:50pm PDT
API World -- Workshop Stage B