How Hackers Hack Your APIs in 15 Minutes or Less

Presented by

Himanshu Dwivedi, CEO at Data Theorem

About this talk

It is very hard, if not impossible, to secure something you don’t know exist. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day with little to reviews. For example, a “dated trend” by effective yet lazy hackers is to search for API unknown by security teams, coined “Shadow APIs”, connect to these APIs, and extract data. While SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean “pay dirt” or “move on to the next target”, the same can be said for Shadow API….Find, Connect, Extract. This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button (lines of code in python code :). Attendees will learn about a very basic yet non-so-obvious problem in securing data, and how hackers are using creative methods to steal large volumes of data.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (32)
Subscribers (2790)
Data Theorem is a leading provider of modern application security. Its core mission is to prevent AppSec data breaches. The Data Theorem Analyzer Engine continuously scans mobile and web applications, APIs, and cloud resources in search of security flaws and data privacy gaps. Our security products provide automated hacking and full application stack discovery that protects your data.