Account Takeover in Azure's API Management Developer Portal

Presented by

Thomas Stacey

About this talk

API Management is a critical component of modern application development. As organizations increasingly rely on APIs to exchange data between systems, they must also consider the potential security risks that come with API usage. In this 30 minute webinar, Outpost24’s Thomas Stacey will walk you through a vulnerability he recently discovered in Azure's API Management Developer Portal that can be exploited to perform an account takeover attack. Thomas will be exploring the various steps involved in identifying the vulnerability, disclosure and eventual release of the fix. The following topics will be covered, followed by a Q&A session: • Overview of Azure's APIM Service • Identifying the vulnerability in Azure's API Management Developer Portal • The Road to a Bug Bounty • Conclusion and Application Security Best practice This webinar is ideal for developers, security professionals, and anyone interested in learning more about vulnerability discovery and understanding why manual testing is essential for application security.
Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (30)
Subscribers (2228)
The Outpost24 group is pioneering cyber risk management with continuous vulnerability management, application security testing, threat intelligence and access management – in a single solution. Over 2,500 customers in more than 40 countries trust Outpost24’s unified solution to identify vulnerabilities, monitor external threats and reduce the attack surface with speed and confidence. Delivered through our cloud platform with powerful automation supported by our Cyber security experts, Outpost24 enables organizations to improve business outcomes by focusing on the cyber risk that matters. Visit for more information.