
On-line option: OWASP-MSP April meet: How to Hack an API in 15 minutes!

Hosted By
Nathan L. and Alex B.

Details

OWASP-MSP is meeting in person again! We're going to try for a hybrid approach, and include a live Zoom meetup as well. Itching to get back to in-person OWASP meetings (and who could blame you)? Follow this link: https://www.meetup.com/OWASP-MSP-Meetup/events/285213989

Himanshu Dwivedi -- How to Hack an API in 15 minutes!

Hear from a former hacker on how to stay secure in an era where mobile apps and APIs are most vulnerable. It is very hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day with little to review. For example, a “dated trend” by effective yet lazy hackers is to search for APIs unknown to security teams, coined “Shadow APIs”, connect to these APIs, and extract data.

While SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean “pay dirt” or “move on to the next target,” the same can be said for Shadow APIs. Find, Connect, Extract.
This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button – or lines of Python code. Attendees will learn about a very basic yet not-so-obvious problem in securing data, and how hackers are using creative methods to steal large volumes of data.

Himanshu Dwivedi is the CEO of Data Theorem, Inc., an application security company focusing on API Security (RESTful & GraphQL), mobile apps (iOS & Android), Cloud Apps (Serverless), and Single Page WebApps (SPAs).

Himanshu has been an avid start-up entrepreneur since 1999, when he and three friends started the west coast office of @stake, an information security firm that Symantec later acquired. Himanshu co-founded iSEC Partners, an application security company acquired by the NCC Group. Himanshu has several publications, including six different books (Mobile Application Security, Hacking VoIP, Hacking Exposed: Web 2.0, Hacker’s Challenge 3, Storage Security, Implementing SSH).

OWASP MSP Chapter
Online event
This event has passed