
Going Way Beyond 2FA
The OWASP Podcast Series
The Attack Shifts to the API
Attackers are pragmatic. And if you make it harder, they're just going to go somewhere else where it's easier. So we instead just stopped accepting passwords through the API. We didn't actually see the attack shift to get to it, because it's a little more complicated than a curl script that goes to an API endpoint. But the attack absolutely shifted, like almost immediately. That was, to me, probably the thing that really caught me in your presentation. It's one of those things that is both surprising and, in retrospect, painfully obvious.