SlideShare a Scribd company logo
How Your API Be My API
Jie @ iThome CyberSec 2023
2023/05/10
curl -X GET https://127.0.0.1/info
https://www.linkedin.com/in/jieliau
https://github.com/jieliau
https://www.facebook.com/jie.liau
https://twitter.com/0xJieLiau
https://jieliau.medium.com/
{
"Name": "Jie Liau",
"Experiences": [
"Building Your Container Botnet in 1 Minute . - Session speaker in iThome CYBERSEC 2021",
"Container Security. - Session speaker in InfoSec 2020",
"Protecting Your Internet Route Integrity. - Session speaker in iThome CYBERSEC 2020",
"The Dark Side. - Seminar speaker in CSE, Yuan Ze University 2018",
"The Tor Network. - Session speaker in TDOH Conference 2017",
"What Does Network Operation Looks Like. - Seminar speaker in CSE, Yuan Ze University 2016"
],
"Certi
fi
cations": [
"CCIE",
"OSCP",
"CEH"
]
}
This talk is given by me as individual
My employer is not involved in any way
Disclaimer
According to Akamai, 83% of all internet tra
ffi
c is
from API, while HTML tra
ffi
c has fallen to just 17%
https://www.akamai.com/newsroom/press-release/state-of-the-internet-security-retail-attacks-and-api-traf
fi
c
According to Gartner, by 2022 APIs would
become the #1 most frequent attack vector
https://www.infosecurity-magazine.com/next-gen-infosec/api-attacks-threat-vector-2022/
https://www.gartner.com/en/webinars/4002323/api-security-protect-your-apis-from-attacks-and-data-breaches
What is API
Application Programming Interface
RESTful API
Web Services
URIs
HTTP protocol/method
Problems
Directly access to sensitive data
Over-permissioned
Vulnerable to logic
fl
aws
API
Web App
Mobile App
Micro Services
Why API Security is important
Reconnaissance Weaponise Delivery Exploit
Lateral
Movement
Privilege
Escalation
Breach
Classic Cyber Kill Chain
Find
Vulnerability
Breach
Reconnaissance
API Attack Cyber Kill Chain
OWASP API Security Project
The unique vul and security risks of Application Programming Interfaces
First release of API Security Top 10 in 2019
OWASP API Security Top 10 2023 now is RC
https://owasp.org/www-project-api-security/
https://github.com/OWASP/API-Security/tree/master/2023/en/src
2019 OWASP API Security Top 10
API1 Broken Object Level Authorization API6 Mass Assignment
API2 Broken User Authentication API7 Security Miscon
fi
guration
API3 Excessive Data Exposure API8 Injection
API4 Lack of Resources & Rate Limiting API9
Improper Assets
Management
API5 Broken Function Level Authorization API10
Insuf
fi
cient Logging &
Monitoring
2023 OWASP API Security Top 10 (RC)
API1 Broken Object Level Authorisation API6 Server Side Request Forgery
API2 Broken Authentication API7 Security Miscon
fi
guration
API3
Broken Object Property Level
Authorisation
API8
Lack Of Protection From
Automated Threats
API4 Unrestricted Resource Consumption API9
Improper Assets
Management
API5 Broken Function Level Authorisation API10
Unsafe Consumption Of
APIs
Find Your API
Passive
Google Dork
intitle:"index of” twitter-api-php
intitle:"index of" facebook-api
inurl:”/wp-json/wp/v2/users"
inurl:pastebin "API_KEY"
Git Dork
Shodan
“content-type: application/json”
“content-type: application/xml”
“wp-json”
The Wayback Machine
Active
Nmap
nmap —script=http-enum 192.168.0.123 -p 80, 443
OWASP Amass
amass enum -active -d yourapi.com
Gobuster
Kiterunner
Browser Dev Tool
HowYourAPIBeMyAPI
https://github.com/OWASP/crAPI
HowYourAPIBeMyAPI
Analyse Your HTTP Req and Rep
Tools
Postman
Burp Suite
Mitmproxy2swagger
Excessive Data Exposure
Postman
https://youtu.be/Ygjr-3eYqZI
Mitmproxy2swagger
https://youtu.be/b6BAezdW1Ek
Classic Authentication Attack
Password Brute-Force
Password Spraying
Combining a long list of users with short list of targeted passwords
Password spraying
https://youtu.be/GSVkNudLpg0
API Token Attack
Token Analysis
Identify predicable tokens
Burp Suite Sequencer
Token Analysis
https://youtu.be/yXSXgaclF-M
BOLA / BFLA
Broken Object Level Authorisation
User A is able to request User B’s resources, and vice versa
Broken Function Level Authorisation
Perform unauthorized actions, PUT, DELETE, etc…
BOLA
https://youtu.be/m39K7oJeDZU
BFLA
https://youtu.be/k1tQ6M7xqzU
Improper Assets Management
Version number
URL
Header
Parameter
Request body
Non-production API
test.example.com
uat.example.com
beta.example.cm
ImproperAssetsManagement
https://youtu.be/pvvlMC0UXy0
Mass Assignment
Overwrite object properties that should not be able to do
Assign yourself as admin account
“isadmin”: true
“isadmin”: 1
“admin”: true
{
“name”: “Demo”,
“email”: “email@example.com”,
“company”: “companyABC”,
}
{
“name”: “Demo”,
“email”: “email@example.com”,
“company”: “companyXYZ”,
“admin”: “true”
}
Mass Assignment
https://youtu.be/5tFYvNJPiyQ
Server Side Request Forgery
Types
In-Band SSRF
Blind SSRF
Look for any URL
POST body
Parameter
Header, for example Referrer
Any user input
Tools
https://webhook.site
https://pingb.in
SSRF
https://youtu.be/ImcbkQNGnvg
Injection
SQL Injection
Null byte - %00
‘
‘ OR 1 = 1 — -
NoSQL Injection
$gt
{“$gt”:-1}
$ne
{“$ne”:””}
$nin
{“$where”: “sleep(1000)“}
OS Injection
| ||
& &&
;
‘ “”
whoami, ipcon
fi
g, pwd, etc…
Real World Cases
https://www.bleepingcomputer.com/news/security/hacker-claims-to-be-selling-twitter-data-of-400-million-users/
Submitting email addresses or phone numbers to the API to identify which account they were linked to
https://apisecurity.io/issue-173-coinbase-vulnerability-authn-authz-best-practices-bad-bots-hack-elgato-key-light/
https://twitter.com/Tree_of_Alpha/status/1495014907028422662
HowYourAPIBeMyAPI
References
https://www.apisecuniversity.com/
https://www.akamai.com/newsroom/press-release/state-of-the-internet-security-retail-attacks-and-api-traf
fi
c
https://www.infosecurity-magazine.com/next-gen-infosec/api-attacks-threat-vector-2022/
https://www.upwork.com/resources/soap-vs-rest-a-look-at-two-different-api-styles
https://www.redhat.com/en/topics/api/what-are-application-programming-interfaces
https://archive.org/web/
https://venturebeat.com/security/twitter-breach-api-attack/
https://thenewstack.io/twitter-leak-shows-how-important-api-security-remains-in-2023/
https://apisecurity.io/issue-173-coinbase-vulnerability-authn-authz-best-practices-bad-bots-hack-elgato-key-light/
https://apimike.com/coinbase-api-vulnerability-bug
https://salt.security/blog/understanding-the-coinbase-api-vulnerability
https://twitter.com/Tree_of_Alpha/status/1495014907028422662
Thank You !!!

More Related Content

What's hot

OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples
42Crunch
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide
Isabelle Mauny
 
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
Abhay Bhargav
 
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle BotbolAPIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
apidays
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
Michael Furman
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Ajin Abraham
 
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Vaticle
 
Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SAST
Blueinfy Solutions
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security -  API Security top 10 - Erez YalonCheckmarx meetup API Security -  API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Adar Weidman
 
OWASP Top 10 API Security Risks
OWASP Top 10 API Security RisksOWASP Top 10 API Security Risks
OWASP Top 10 API Security Risks
IndusfacePvtLtd
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based  Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based  Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
OWASP Top Ten
OWASP Top TenOWASP Top Ten
OWASP Top Ten
Christian Heinrich
 
OpenID Connect入門
OpenID Connect入門OpenID Connect入門
OpenID Connect入門
土岐 孝平
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHound
DirkjanMollema
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
Michael Gough
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFE
Prabath Siriwardena
 

What's hot (20)

OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide
 
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
 
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle BotbolAPIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
 
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
 
Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SAST
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security -  API Security top 10 - Erez YalonCheckmarx meetup API Security -  API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
 
OWASP Top 10 API Security Risks
OWASP Top 10 API Security RisksOWASP Top 10 API Security Risks
OWASP Top 10 API Security Risks
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based  Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based  Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
OWASP Top Ten
OWASP Top TenOWASP Top Ten
OWASP Top Ten
 
OpenID Connect入門
OpenID Connect入門OpenID Connect入門
OpenID Connect入門
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHound
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFE
 

Similar to HowYourAPIBeMyAPI

OWASPAPISecurity
OWASPAPISecurityOWASPAPISecurity
OWASPAPISecurity
Jie Liau
 
API Hijacking.pdf
API Hijacking.pdfAPI Hijacking.pdf
API Hijacking.pdf
VishwasN6
 
API Hijacking (1).pdf
API Hijacking (1).pdfAPI Hijacking (1).pdf
API Hijacking (1).pdf
Vishwas N
 
API Hijacking.pdf
API Hijacking.pdfAPI Hijacking.pdf
API Hijacking.pdf
Vishwas N
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
Riddhi Shree
 
Web API Security
Web API SecurityWeb API Security
Web API Security
Stefaan
 
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia  2023 - API Security Breach Analysis & Empowering Devs to M...apidays Australia  2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays
 
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays
 
API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meet
vinoth kumar
 
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
apidays
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails example
Railwaymen
 
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
CA API Management
 
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
apidays
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
CA API Management
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Anna Klepacka
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
Riddhi Shree
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
42Crunch
 
Web Apps: APIs' Nightmare
Web Apps: APIs' NightmareWeb Apps: APIs' Nightmare
Web Apps: APIs' Nightmare
Paulo Silva
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall
42Crunch
 

Similar to HowYourAPIBeMyAPI (20)

OWASPAPISecurity
OWASPAPISecurityOWASPAPISecurity
OWASPAPISecurity
 
API Hijacking.pdf
API Hijacking.pdfAPI Hijacking.pdf
API Hijacking.pdf
 
API Hijacking (1).pdf
API Hijacking (1).pdfAPI Hijacking (1).pdf
API Hijacking (1).pdf
 
API Hijacking.pdf
API Hijacking.pdfAPI Hijacking.pdf
API Hijacking.pdf
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
 
Web API Security
Web API SecurityWeb API Security
Web API Security
 
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia  2023 - API Security Breach Analysis & Empowering Devs to M...apidays Australia  2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
 
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
 
API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meet
 
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails example
 
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
 
Web Apps: APIs' Nightmare
Web Apps: APIs' NightmareWeb Apps: APIs' Nightmare
Web Apps: APIs' Nightmare
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall
 

More from Jie Liau

iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
Jie Liau
 
iThome CyberSec2021 Container Security
iThome CyberSec2021 Container SecurityiThome CyberSec2021 Container Security
iThome CyberSec2021 Container Security
Jie Liau
 
Container Security
Container SecurityContainer Security
Container Security
Jie Liau
 
Protecting Your Internet Route Integrity
Protecting Your Internet Route IntegrityProtecting Your Internet Route Integrity
Protecting Your Internet Route Integrity
Jie Liau
 
The Tor Network
The Tor NetworkThe Tor Network
The Tor Network
Jie Liau
 
IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017
Jie Liau
 
DDoS
DDoSDDoS
DDoS
Jie Liau
 
Shell Shock
Shell ShockShell Shock
Shell Shock
Jie Liau
 

More from Jie Liau (8)

iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
iThome CyberSec2021 Container Security
iThome CyberSec2021 Container SecurityiThome CyberSec2021 Container Security
iThome CyberSec2021 Container Security
 
Container Security
Container SecurityContainer Security
Container Security
 
Protecting Your Internet Route Integrity
Protecting Your Internet Route IntegrityProtecting Your Internet Route Integrity
Protecting Your Internet Route Integrity
 
The Tor Network
The Tor NetworkThe Tor Network
The Tor Network
 
IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017
 
DDoS
DDoSDDoS
DDoS
 
Shell Shock
Shell ShockShell Shock
Shell Shock
 

Recently uploaded

Concepts of Automatic Block Signalling.ppt
Concepts of Automatic Block Signalling.pptConcepts of Automatic Block Signalling.ppt
Concepts of Automatic Block Signalling.ppt
princeshah76
 
If we're running two pumps, why aren't we getting twice as much flow? v.17
If we're running two pumps, why aren't we getting twice as much flow? v.17If we're running two pumps, why aren't we getting twice as much flow? v.17
If we're running two pumps, why aren't we getting twice as much flow? v.17
Brian Gongol
 
Red Hat Enterprise Linux Administration 9.0 RH134 pdf
Red Hat Enterprise Linux Administration 9.0 RH134 pdfRed Hat Enterprise Linux Administration 9.0 RH134 pdf
Red Hat Enterprise Linux Administration 9.0 RH134 pdf
mdfkobir
 
Agricultural Profitability through Resilience: Smallholder Farmers' Strategie...
Agricultural Profitability through Resilience: Smallholder Farmers' Strategie...Agricultural Profitability through Resilience: Smallholder Farmers' Strategie...
Agricultural Profitability through Resilience: Smallholder Farmers' Strategie...
IJAEMSJORNAL
 
How to Formulate A Good Research Question
How to Formulate A  Good Research QuestionHow to Formulate A  Good Research Question
How to Formulate A Good Research Question
rkpv2002
 
Machine Learning_SVM_KNN_K-MEANSModule 2.pdf
Machine Learning_SVM_KNN_K-MEANSModule 2.pdfMachine Learning_SVM_KNN_K-MEANSModule 2.pdf
Machine Learning_SVM_KNN_K-MEANSModule 2.pdf
Dr. Shivashankar
 
Digital Image Processing - Module 4 Chapter 2
Digital Image Processing - Module 4 Chapter 2Digital Image Processing - Module 4 Chapter 2
Digital Image Processing - Module 4 Chapter 2
821priyankaj
 
JORC_Review_presentation. 2024 código jorcpdf
JORC_Review_presentation. 2024 código jorcpdfJORC_Review_presentation. 2024 código jorcpdf
JORC_Review_presentation. 2024 código jorcpdf
WilliamsNuezEspetia
 
Cisco Intersight Technical OverView.pptx
Cisco Intersight Technical OverView.pptxCisco Intersight Technical OverView.pptx
Cisco Intersight Technical OverView.pptx
Duy Nguyen
 
carpentry-11-module-1.docx 1 identifying tools
carpentry-11-module-1.docx 1 identifying toolscarpentry-11-module-1.docx 1 identifying tools
carpentry-11-module-1.docx 1 identifying tools
ChristopherAltizen2
 
Kerong Gas Gas Recovery System Catalogue.pdf
Kerong Gas Gas Recovery System Catalogue.pdfKerong Gas Gas Recovery System Catalogue.pdf
Kerong Gas Gas Recovery System Catalogue.pdf
Nicky Xiong熊妮
 
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
John Gallagher
 
Safety Operating Procedure for Testing Lifting Tackles
Safety Operating Procedure for Testing Lifting TacklesSafety Operating Procedure for Testing Lifting Tackles
Safety Operating Procedure for Testing Lifting Tackles
ssuserfcf701
 
Basic information about the indian constitutions and professional ethics
Basic information about the indian constitutions and professional ethicsBasic information about the indian constitutions and professional ethics
Basic information about the indian constitutions and professional ethics
mpa7083
 
OME754 – INDUSTRIAL SAFETY - unit notes.pptx
OME754 – INDUSTRIAL SAFETY - unit notes.pptxOME754 – INDUSTRIAL SAFETY - unit notes.pptx
OME754 – INDUSTRIAL SAFETY - unit notes.pptx
shanmugamram247
 
AI INTRODUCTION Artificial intelligence.ppt
AI INTRODUCTION Artificial intelligence.pptAI INTRODUCTION Artificial intelligence.ppt
AI INTRODUCTION Artificial intelligence.ppt
GeethaAL
 
Indian Railway Signalling concepts and basics.pdf
Indian Railway Signalling concepts and basics.pdfIndian Railway Signalling concepts and basics.pdf
Indian Railway Signalling concepts and basics.pdf
princeshah76
 
AI chapter1 introduction to artificial intelligence
AI chapter1 introduction to artificial intelligenceAI chapter1 introduction to artificial intelligence
AI chapter1 introduction to artificial intelligence
GeethaAL
 
# Smart Parking Management System.pptx using IOT
# Smart Parking Management System.pptx using IOT# Smart Parking Management System.pptx using IOT
# Smart Parking Management System.pptx using IOT
Yesh20
 
Machine Learning- Perceptron_Backpropogation_Module 3.pdf
Machine Learning- Perceptron_Backpropogation_Module 3.pdfMachine Learning- Perceptron_Backpropogation_Module 3.pdf
Machine Learning- Perceptron_Backpropogation_Module 3.pdf
Dr. Shivashankar
 

Recently uploaded (20)

Concepts of Automatic Block Signalling.ppt
Concepts of Automatic Block Signalling.pptConcepts of Automatic Block Signalling.ppt
Concepts of Automatic Block Signalling.ppt
 
If we're running two pumps, why aren't we getting twice as much flow? v.17
If we're running two pumps, why aren't we getting twice as much flow? v.17If we're running two pumps, why aren't we getting twice as much flow? v.17
If we're running two pumps, why aren't we getting twice as much flow? v.17
 
Red Hat Enterprise Linux Administration 9.0 RH134 pdf
Red Hat Enterprise Linux Administration 9.0 RH134 pdfRed Hat Enterprise Linux Administration 9.0 RH134 pdf
Red Hat Enterprise Linux Administration 9.0 RH134 pdf
 
Agricultural Profitability through Resilience: Smallholder Farmers' Strategie...
Agricultural Profitability through Resilience: Smallholder Farmers' Strategie...Agricultural Profitability through Resilience: Smallholder Farmers' Strategie...
Agricultural Profitability through Resilience: Smallholder Farmers' Strategie...
 
How to Formulate A Good Research Question
How to Formulate A  Good Research QuestionHow to Formulate A  Good Research Question
How to Formulate A Good Research Question
 
Machine Learning_SVM_KNN_K-MEANSModule 2.pdf
Machine Learning_SVM_KNN_K-MEANSModule 2.pdfMachine Learning_SVM_KNN_K-MEANSModule 2.pdf
Machine Learning_SVM_KNN_K-MEANSModule 2.pdf
 
Digital Image Processing - Module 4 Chapter 2
Digital Image Processing - Module 4 Chapter 2Digital Image Processing - Module 4 Chapter 2
Digital Image Processing - Module 4 Chapter 2
 
JORC_Review_presentation. 2024 código jorcpdf
JORC_Review_presentation. 2024 código jorcpdfJORC_Review_presentation. 2024 código jorcpdf
JORC_Review_presentation. 2024 código jorcpdf
 
Cisco Intersight Technical OverView.pptx
Cisco Intersight Technical OverView.pptxCisco Intersight Technical OverView.pptx
Cisco Intersight Technical OverView.pptx
 
carpentry-11-module-1.docx 1 identifying tools
carpentry-11-module-1.docx 1 identifying toolscarpentry-11-module-1.docx 1 identifying tools
carpentry-11-module-1.docx 1 identifying tools
 
Kerong Gas Gas Recovery System Catalogue.pdf
Kerong Gas Gas Recovery System Catalogue.pdfKerong Gas Gas Recovery System Catalogue.pdf
Kerong Gas Gas Recovery System Catalogue.pdf
 
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
 
Safety Operating Procedure for Testing Lifting Tackles
Safety Operating Procedure for Testing Lifting TacklesSafety Operating Procedure for Testing Lifting Tackles
Safety Operating Procedure for Testing Lifting Tackles
 
Basic information about the indian constitutions and professional ethics
Basic information about the indian constitutions and professional ethicsBasic information about the indian constitutions and professional ethics
Basic information about the indian constitutions and professional ethics
 
OME754 – INDUSTRIAL SAFETY - unit notes.pptx
OME754 – INDUSTRIAL SAFETY - unit notes.pptxOME754 – INDUSTRIAL SAFETY - unit notes.pptx
OME754 – INDUSTRIAL SAFETY - unit notes.pptx
 
AI INTRODUCTION Artificial intelligence.ppt
AI INTRODUCTION Artificial intelligence.pptAI INTRODUCTION Artificial intelligence.ppt
AI INTRODUCTION Artificial intelligence.ppt
 
Indian Railway Signalling concepts and basics.pdf
Indian Railway Signalling concepts and basics.pdfIndian Railway Signalling concepts and basics.pdf
Indian Railway Signalling concepts and basics.pdf
 
AI chapter1 introduction to artificial intelligence
AI chapter1 introduction to artificial intelligenceAI chapter1 introduction to artificial intelligence
AI chapter1 introduction to artificial intelligence
 
# Smart Parking Management System.pptx using IOT
# Smart Parking Management System.pptx using IOT# Smart Parking Management System.pptx using IOT
# Smart Parking Management System.pptx using IOT
 
Machine Learning- Perceptron_Backpropogation_Module 3.pdf
Machine Learning- Perceptron_Backpropogation_Module 3.pdfMachine Learning- Perceptron_Backpropogation_Module 3.pdf
Machine Learning- Perceptron_Backpropogation_Module 3.pdf
 

HowYourAPIBeMyAPI