In this episode of the Virtual Coffee with Ashish edition, we spoke with Corey Ball (Corey's Twitter) about what does API in a modern software stack looks like and how these can be attacked and protected
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Corey Ball (Corey's Twitter)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security News
- Cloud Security Academy
Spotify TimeStamp for Interview Questions
(00:00) Ashish's Intro to the Episode
(02:40) https://snyk.io/csp
(02:51) Corey's professional background
(03:11) Corey's journey to be cybersecurity author
(04:36) What is API and why its important in 2022?
(06:44) Is API is the backend or frontend pf applications?
(08:36) What are people doing wrong with APIs?
(12:16) Best Practice for API Security?
(13:20) Most surprising things being seen in API Security?
(14:35) How do you find API keys?
(16:07) API gateway as a security control point
(18:25) OWASP Top 10 API Security
(20:00) Monitoring and detecting for API Security
(20:57) How to approach pentesting APIs?
(22:35) Learn about API hacking
(25:22) API Security in the Cloud
(29:05) Rest API vs GraphQL
(34:27) Pentest by consuming application documentation
(36:10) Which APIs should be public?
