SlideShare a Scribd company logo
How Your API Be My API
Jie @ iThome CyberSec 2023
2023/05/10
curl -X GET https://127.0.0.1/info
https://www.linkedin.com/in/jieliau
https://github.com/jieliau
https://www.facebook.com/jie.liau
https://twitter.com/0xJieLiau
https://jieliau.medium.com/
{
"Name": "Jie Liau",
"Experiences": [
"Building Your Container Botnet in 1 Minute . - Session speaker in iThome CYBERSEC 2021",
"Container Security. - Session speaker in InfoSec 2020",
"Protecting Your Internet Route Integrity. - Session speaker in iThome CYBERSEC 2020",
"The Dark Side. - Seminar speaker in CSE, Yuan Ze University 2018",
"The Tor Network. - Session speaker in TDOH Conference 2017",
"What Does Network Operation Looks Like. - Seminar speaker in CSE, Yuan Ze University 2016"
],
"Certi
fi
cations": [
"CCIE",
"OSCP",
"CEH"
]
}
This talk is given by me as individual
My employer is not involved in any way
Disclaimer
According to Akamai, 83% of all internet tra
ffi
c is
from API, while HTML tra
ffi
c has fallen to just 17%
https://www.akamai.com/newsroom/press-release/state-of-the-internet-security-retail-attacks-and-api-traf
fi
c
According to Gartner, by 2022 APIs would
become the #1 most frequent attack vector
https://www.infosecurity-magazine.com/next-gen-infosec/api-attacks-threat-vector-2022/
https://www.gartner.com/en/webinars/4002323/api-security-protect-your-apis-from-attacks-and-data-breaches
What is API
Application Programming Interface
RESTful API
Web Services
URIs
HTTP protocol/method
Problems
Directly access to sensitive data
Over-permissioned
Vulnerable to logic
fl
aws
API
Web App
Mobile App
Micro Services
Why API Security is important
Reconnaissance Weaponise Delivery Exploit
Lateral
Movement
Privilege
Escalation
Breach
Classic Cyber Kill Chain
Find
Vulnerability
Breach
Reconnaissance
API Attack Cyber Kill Chain
OWASP API Security Project
The unique vul and security risks of Application Programming Interfaces
First release of API Security Top 10 in 2019
OWASP API Security Top 10 2023 now is RC
https://owasp.org/www-project-api-security/
https://github.com/OWASP/API-Security/tree/master/2023/en/src
2019 OWASP API Security Top 10
API1 Broken Object Level Authorization API6 Mass Assignment
API2 Broken User Authentication API7 Security Miscon
fi
guration
API3 Excessive Data Exposure API8 Injection
API4 Lack of Resources & Rate Limiting API9
Improper Assets
Management
API5 Broken Function Level Authorization API10
Insuf
fi
cient Logging &
Monitoring
2023 OWASP API Security Top 10 (RC)
API1 Broken Object Level Authorisation API6 Server Side Request Forgery
API2 Broken Authentication API7 Security Miscon
fi
guration
API3
Broken Object Property Level
Authorisation
API8
Lack Of Protection From
Automated Threats
API4 Unrestricted Resource Consumption API9
Improper Assets
Management
API5 Broken Function Level Authorisation API10
Unsafe Consumption Of
APIs
Find Your API
Passive
Google Dork
intitle:"index of” twitter-api-php
intitle:"index of" facebook-api
inurl:”/wp-json/wp/v2/users"
inurl:pastebin "API_KEY"
Git Dork
Shodan
“content-type: application/json”
“content-type: application/xml”
“wp-json”
The Wayback Machine
Active
Nmap
nmap —script=http-enum 192.168.0.123 -p 80, 443
OWASP Amass
amass enum -active -d yourapi.com
Gobuster
Kiterunner
Browser Dev Tool
https://github.com/OWASP/crAPI
Analyse Your HTTP Req and Rep
Tools
Postman
Burp Suite
Mitmproxy2swagger
Excessive Data Exposure
Postman
https://youtu.be/Ygjr-3eYqZI
Mitmproxy2swagger
https://youtu.be/b6BAezdW1Ek
Classic Authentication Attack
Password Brute-Force
Password Spraying
Combining a long list of users with short list of targeted passwords
Password spraying
https://youtu.be/GSVkNudLpg0
API Token Attack
Token Analysis
Identify predicable tokens
Burp Suite Sequencer
Token Analysis
https://youtu.be/yXSXgaclF-M
BOLA / BFLA
Broken Object Level Authorisation
User A is able to request User B’s resources, and vice versa
Broken Function Level Authorisation
Perform unauthorized actions, PUT, DELETE, etc…
BOLA
https://youtu.be/m39K7oJeDZU
BFLA
https://youtu.be/k1tQ6M7xqzU
Improper Assets Management
Version number
URL
Header
Parameter
Request body
Non-production API
test.example.com
uat.example.com
beta.example.cm
ImproperAssetsManagement
https://youtu.be/pvvlMC0UXy0
Mass Assignment
Overwrite object properties that should not be able to do
Assign yourself as admin account
“isadmin”: true
“isadmin”: 1
“admin”: true
{
“name”: “Demo”,
“email”: “email@example.com”,
“company”: “companyABC”,
}
{
“name”: “Demo”,
“email”: “email@example.com”,
“company”: “companyXYZ”,
“admin”: “true”
}
Mass Assignment
https://youtu.be/5tFYvNJPiyQ
Server Side Request Forgery
Types
In-Band SSRF
Blind SSRF
Look for any URL
POST body
Parameter
Header, for example Referrer
Any user input
Tools
https://webhook.site
https://pingb.in
SSRF
https://youtu.be/ImcbkQNGnvg
Injection
SQL Injection
Null byte - %00
‘
‘ OR 1 = 1 — -
NoSQL Injection
$gt
{“$gt”:-1}
$ne
{“$ne”:””}
$nin
{“$where”: “sleep(1000)“}
OS Injection
| ||
& &&
;
‘ “”
whoami, ipcon
fi
g, pwd, etc…
Real World Cases
https://www.bleepingcomputer.com/news/security/hacker-claims-to-be-selling-twitter-data-of-400-million-users/
Submitting email addresses or phone numbers to the API to identify which account they were linked to
https://apisecurity.io/issue-173-coinbase-vulnerability-authn-authz-best-practices-bad-bots-hack-elgato-key-light/
https://twitter.com/Tree_of_Alpha/status/1495014907028422662
References
https://www.apisecuniversity.com/
https://www.akamai.com/newsroom/press-release/state-of-the-internet-security-retail-attacks-and-api-traf
fi
c
https://www.infosecurity-magazine.com/next-gen-infosec/api-attacks-threat-vector-2022/
https://www.upwork.com/resources/soap-vs-rest-a-look-at-two-different-api-styles
https://www.redhat.com/en/topics/api/what-are-application-programming-interfaces
https://archive.org/web/
https://venturebeat.com/security/twitter-breach-api-attack/
https://thenewstack.io/twitter-leak-shows-how-important-api-security-remains-in-2023/
https://apisecurity.io/issue-173-coinbase-vulnerability-authn-authz-best-practices-bad-bots-hack-elgato-key-light/
https://apimike.com/coinbase-api-vulnerability-bug
https://salt.security/blog/understanding-the-coinbase-api-vulnerability
https://twitter.com/Tree_of_Alpha/status/1495014907028422662
Thank You !!!

More Related Content

What's hot

Exploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on KubernetesExploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on Kubernetes
Red Hat Developers
 
Finally, easy integration testing with Testcontainers
Finally, easy integration testing with TestcontainersFinally, easy integration testing with Testcontainers
Finally, easy integration testing with Testcontainers
Rudy De Busscher
 
OpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdfOpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdf
JuanSalinas593459
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
Karthik Gaekwad
 
OpenTelemetry: From front- to backend (2022)
OpenTelemetry: From front- to backend (2022)OpenTelemetry: From front- to backend (2022)
OpenTelemetry: From front- to backend (2022)
Sebastian Poxhofer
 
Adopting OpenTelemetry
Adopting OpenTelemetryAdopting OpenTelemetry
Adopting OpenTelemetry
Vincent Behar
 
An intro to Kubernetes operators
An intro to Kubernetes operatorsAn intro to Kubernetes operators
An intro to Kubernetes operators
J On The Beach
 
CI/CD with Github Actions
CI/CD with Github ActionsCI/CD with Github Actions
CI/CD with Github Actions
Md. Minhazul Haque
 
GitHub Actions in action
GitHub Actions in actionGitHub Actions in action
GitHub Actions in action
Oleksii Holub
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
Robert Greiner
 
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
apidays
 
YAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra KhareYAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra Khare
CodeOps Technologies LLP
 
Best practices for Terraform with Vault
Best practices for Terraform with VaultBest practices for Terraform with Vault
Best practices for Terraform with Vault
Mitchell Pronschinske
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFix
Denim Group
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to Vault
Knoldus Inc.
 
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioTHE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
DevOpsDays Tel Aviv
 
JUnit 5
JUnit 5JUnit 5
Istio service mesh introduction
Istio service mesh introductionIstio service mesh introduction
Istio service mesh introduction
Kyohei Mizumoto
 
(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code
Amazon Web Services
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022
Liran Tal
 

What's hot (20)

Exploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on KubernetesExploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on Kubernetes
 
Finally, easy integration testing with Testcontainers
Finally, easy integration testing with TestcontainersFinally, easy integration testing with Testcontainers
Finally, easy integration testing with Testcontainers
 
OpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdfOpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdf
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
 
OpenTelemetry: From front- to backend (2022)
OpenTelemetry: From front- to backend (2022)OpenTelemetry: From front- to backend (2022)
OpenTelemetry: From front- to backend (2022)
 
Adopting OpenTelemetry
Adopting OpenTelemetryAdopting OpenTelemetry
Adopting OpenTelemetry
 
An intro to Kubernetes operators
An intro to Kubernetes operatorsAn intro to Kubernetes operators
An intro to Kubernetes operators
 
CI/CD with Github Actions
CI/CD with Github ActionsCI/CD with Github Actions
CI/CD with Github Actions
 
GitHub Actions in action
GitHub Actions in actionGitHub Actions in action
GitHub Actions in action
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
 
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
 
YAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra KhareYAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra Khare
 
Best practices for Terraform with Vault
Best practices for Terraform with VaultBest practices for Terraform with Vault
Best practices for Terraform with Vault
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFix
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to Vault
 
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioTHE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
 
JUnit 5
JUnit 5JUnit 5
JUnit 5
 
Istio service mesh introduction
Istio service mesh introductionIstio service mesh introduction
Istio service mesh introduction
 
(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022
 

Similar to HowYourAPIBeMyAPI

OWASPAPISecurity
OWASPAPISecurityOWASPAPISecurity
OWASPAPISecurity
Jie Liau
 
API Hijacking.pdf
API Hijacking.pdfAPI Hijacking.pdf
API Hijacking.pdf
VishwasN6
 
API Hijacking (1).pdf
API Hijacking (1).pdfAPI Hijacking (1).pdf
API Hijacking (1).pdf
Vishwas N
 
API Hijacking.pdf
API Hijacking.pdfAPI Hijacking.pdf
API Hijacking.pdf
Vishwas N
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
Riddhi Shree
 
Web API Security
Web API SecurityWeb API Security
Web API Security
Stefaan
 
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia  2023 - API Security Breach Analysis & Empowering Devs to M...apidays Australia  2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays
 
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays
 
API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meet
vinoth kumar
 
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
apidays
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails example
Railwaymen
 
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
CA API Management
 
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
apidays
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
CA API Management
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Anna Klepacka
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
Riddhi Shree
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
42Crunch
 
Web Apps: APIs' Nightmare
Web Apps: APIs' NightmareWeb Apps: APIs' Nightmare
Web Apps: APIs' Nightmare
Paulo Silva
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall
42Crunch
 

Similar to HowYourAPIBeMyAPI (20)

OWASPAPISecurity
OWASPAPISecurityOWASPAPISecurity
OWASPAPISecurity
 
API Hijacking.pdf
API Hijacking.pdfAPI Hijacking.pdf
API Hijacking.pdf
 
API Hijacking (1).pdf
API Hijacking (1).pdfAPI Hijacking (1).pdf
API Hijacking (1).pdf
 
API Hijacking.pdf
API Hijacking.pdfAPI Hijacking.pdf
API Hijacking.pdf
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
 
Web API Security
Web API SecurityWeb API Security
Web API Security
 
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia  2023 - API Security Breach Analysis & Empowering Devs to M...apidays Australia  2023 - API Security Breach Analysis & Empowering Devs to M...
apidays Australia 2023 - API Security Breach Analysis & Empowering Devs to M...
 
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
 
API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meet
 
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
APIsecure 2023 - The Present and Future of OWASP API Security Top 10, Inon Sh...
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails example
 
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
 
Web Apps: APIs' Nightmare
Web Apps: APIs' NightmareWeb Apps: APIs' Nightmare
Web Apps: APIs' Nightmare
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall
 

More from Jie Liau

iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
Jie Liau
 
iThome CyberSec2021 Container Security
iThome CyberSec2021 Container SecurityiThome CyberSec2021 Container Security
iThome CyberSec2021 Container Security
Jie Liau
 
Container Security
Container SecurityContainer Security
Container Security
Jie Liau
 
Protecting Your Internet Route Integrity
Protecting Your Internet Route IntegrityProtecting Your Internet Route Integrity
Protecting Your Internet Route Integrity
Jie Liau
 
The Tor Network
The Tor NetworkThe Tor Network
The Tor Network
Jie Liau
 
IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017
Jie Liau
 
DDoS
DDoSDDoS
DDoS
Jie Liau
 
Shell Shock
Shell ShockShell Shock
Shell Shock
Jie Liau
 

More from Jie Liau (8)

iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
iThome CyberSec2021 Container Security
iThome CyberSec2021 Container SecurityiThome CyberSec2021 Container Security
iThome CyberSec2021 Container Security
 
Container Security
Container SecurityContainer Security
Container Security
 
Protecting Your Internet Route Integrity
Protecting Your Internet Route IntegrityProtecting Your Internet Route Integrity
Protecting Your Internet Route Integrity
 
The Tor Network
The Tor NetworkThe Tor Network
The Tor Network
 
IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017
 
DDoS
DDoSDDoS
DDoS
 
Shell Shock
Shell ShockShell Shock
Shell Shock
 

Recently uploaded

132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
kandramariana6
 
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURSCompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
RamonNovais6
 
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by AnantLLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
Anant Corporation
 
ITSM Integration with MuleSoft.pptx
ITSM  Integration with MuleSoft.pptxITSM  Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptx
VANDANAMOHANGOUDA
 
CEC 352 - SATELLITE COMMUNICATION UNIT 1
CEC 352 - SATELLITE COMMUNICATION UNIT 1CEC 352 - SATELLITE COMMUNICATION UNIT 1
CEC 352 - SATELLITE COMMUNICATION UNIT 1
PKavitha10
 
Design and optimization of ion propulsion drone
Design and optimization of ion propulsion droneDesign and optimization of ion propulsion drone
Design and optimization of ion propulsion drone
bjmsejournal
 
Data Driven Maintenance | UReason Webinar
Data Driven Maintenance | UReason WebinarData Driven Maintenance | UReason Webinar
Data Driven Maintenance | UReason Webinar
UReason
 
Engineering Standards Wiring methods.pdf
Engineering Standards Wiring methods.pdfEngineering Standards Wiring methods.pdf
Engineering Standards Wiring methods.pdf
edwin408357
 
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Sinan KOZAK
 
Welding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdfWelding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdf
AjmalKhan50578
 
Software Engineering and Project Management - Software Testing + Agile Method...
Software Engineering and Project Management - Software Testing + Agile Method...Software Engineering and Project Management - Software Testing + Agile Method...
Software Engineering and Project Management - Software Testing + Agile Method...
Prakhyath Rai
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
IJECEIAES
 
Gas agency management system project report.pdf
Gas agency management system project report.pdfGas agency management system project report.pdf
Gas agency management system project report.pdf
Kamal Acharya
 
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
shadow0702a
 
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
ydzowc
 
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
upoux
 
Curve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods RegressionCurve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods Regression
Nada Hikmah
 
VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...
VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...
VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...
PIMR BHOPAL
 
Software Engineering and Project Management - Introduction, Modeling Concepts...
Software Engineering and Project Management - Introduction, Modeling Concepts...Software Engineering and Project Management - Introduction, Modeling Concepts...
Software Engineering and Project Management - Introduction, Modeling Concepts...
Prakhyath Rai
 
AI for Legal Research with applications, tools
AI for Legal Research with applications, toolsAI for Legal Research with applications, tools
AI for Legal Research with applications, tools
mahaffeycheryld
 

Recently uploaded (20)

132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
 
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURSCompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
 
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by AnantLLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
 
ITSM Integration with MuleSoft.pptx
ITSM  Integration with MuleSoft.pptxITSM  Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptx
 
CEC 352 - SATELLITE COMMUNICATION UNIT 1
CEC 352 - SATELLITE COMMUNICATION UNIT 1CEC 352 - SATELLITE COMMUNICATION UNIT 1
CEC 352 - SATELLITE COMMUNICATION UNIT 1
 
Design and optimization of ion propulsion drone
Design and optimization of ion propulsion droneDesign and optimization of ion propulsion drone
Design and optimization of ion propulsion drone
 
Data Driven Maintenance | UReason Webinar
Data Driven Maintenance | UReason WebinarData Driven Maintenance | UReason Webinar
Data Driven Maintenance | UReason Webinar
 
Engineering Standards Wiring methods.pdf
Engineering Standards Wiring methods.pdfEngineering Standards Wiring methods.pdf
Engineering Standards Wiring methods.pdf
 
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
 
Welding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdfWelding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdf
 
Software Engineering and Project Management - Software Testing + Agile Method...
Software Engineering and Project Management - Software Testing + Agile Method...Software Engineering and Project Management - Software Testing + Agile Method...
Software Engineering and Project Management - Software Testing + Agile Method...
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
 
Gas agency management system project report.pdf
Gas agency management system project report.pdfGas agency management system project report.pdf
Gas agency management system project report.pdf
 
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
 
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
 
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
 
Curve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods RegressionCurve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods Regression
 
VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...
VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...
VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...
 
Software Engineering and Project Management - Introduction, Modeling Concepts...
Software Engineering and Project Management - Introduction, Modeling Concepts...Software Engineering and Project Management - Introduction, Modeling Concepts...
Software Engineering and Project Management - Introduction, Modeling Concepts...
 
AI for Legal Research with applications, tools
AI for Legal Research with applications, toolsAI for Legal Research with applications, tools
AI for Legal Research with applications, tools
 

HowYourAPIBeMyAPI