The IT Pro Podcast: The problem with APIs

The IT Pro Podcast logo with the episode number 158 and title 'The problem with APIs'

Application programming interfaces, or APIs, have become an integral part of maintaining an online business, and are often indispensable for cross-functionality and user experience.

However, the increased use of APIs has led to a rise in attacks against them. This can in turn cause breaches of company data or even full account takeovers. Improperly-managed APIs are a key attack surface and firms would do well to treat this seriously as threat actors step up their efforts at exploitation.

In this episode, Rory and Jane are joined by Yaniv Balmas, VP of security research at Salt Security, to discuss the risks that come with using APIs and how to mitigate against them.

Highlights

“When you're speaking a different language than the service is expecting to hear, there could be one of many, many, many issues that will follow starting from very simple things like, you know, simple error page or server crash or something like that. And ranging up into, you know, information disclosure, full account takeovers, and stuff like that.”

“As time passes, yeah, more attackers join this API attacking club, and that's why we see this increase. And if you're asking my predictions on the future I don't see that stopping or, you know, start being in lower volumes. Quite the opposite.”

“If it's a third party tool that you're using, then you need to test it to make sure that, you know, it complies with everything and that it stops everything, all the relevant API attacks. And then finally, once you've deployed your solution, that's not enough because this world is constant, it's dynamic. It's constantly changing. There are always new attacks, every day you hear about new techniques and a new attack.”

Read the full transcript here.

Footnotes

Subscribe

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.