Back To Schedule
Wednesday, October 9 • 9:30am - 9:55am
OPEN TALK (API): How Low-Tech Hackers Hack Your APIs in 15 Min or Less

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
It is very hard, if not impossible, to secure something you don’t know exist. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day with little to reviews. For example, a “dated trend” by effective yet lazy hackers is to search for API unknown by security teams, coined “Shadow APIs”, connect to these APIs, and extract data. While SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean “pay dirt” or “move on to the next target”, the same can be said for Shadow API….Find, Connect, Extract. This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button (lines of code in python code :). Attendees will learn about a very basic yet non-so-obvious problem in securing data, and how hackers are using creative methods to steal large volumes of data.

API World 2019 Speakers
avatar for Himanshu Dwivedi

Himanshu Dwivedi

CEO, Data Theorem
Himanshu Dwivedi is the CEO of Data Theorem, Inc., a SaaS platform for cloud and application security. Data Theorem helps customers secure mobile apps (iOS &Android), Cloud Apps (RestAPIs), Serverless Apps (Lambda, Google Cloud Functions, Azure Functions), and Single Page WebApps... Read More →

Wednesday October 9, 2019 9:30am - 9:55am PDT
API World -- Expo Innovation Stage