
Episode 16: OWASP API Hacking and DevSec with Matt Tesauro
The Cyber Threat Perspective
00:00
Enhancing API Security through Penetration Testing
This chapter explores the intricate process of penetration testing for APIs, emphasizing the need for continuous testing in CI/CD pipelines to identify vulnerabilities before they reach production. It highlights the importance of validating existing security controls over simply discovering new vulnerabilities and illustrates this through experiences with a SaaS provider that utilized innovative engineering for robust defenses. The discussion underscores the critical need for manual testing approaches alongside automated frameworks to effectively address security challenges, particularly in mobile applications.