Wednesday, October 27, 2021

OPEN TALK (API): How Attackers Utilize API Specs to Attack Your APIs
Join on Hopin
Jason Kent
Jason Kent
Cequence Security, Hacker in Residence

API Specifications are extremely useful for security teams to monitor API security/compliance conformance and make suggestions to keep your APIs secure. Many organizations however, are generating specs that security teams are unaware of and often are found by would-be attackers. In this session I will show some of the frameworks and tools utilized by attackers to find your API endpoints and enumerate endpoints that are missing standard security measures and are open for attack.