Cloud Security Podcast

API SECURITY BEST PRACTICES 2022

Sep 5, 2022

39:35

Creator website

Highlights

AI Chapters

Episode notes

Is It Too Common to Block Requests With a Token?

02:13

Grap Uel vs Rest?

01:36

Is There an Easy Way to Identify if Psa Is Using Rest or Graphicwell?

01:32

Introduction

2min

Hacking a Pis - What's Going On?

2min

What Is a P?

2min

Is Api Wart Using the Tobackend Convesation?

3min

Is There So Much More Than a Waff in an API?

2min

Is It Too Common to Block Requests With a Token?

2min

How to Find a Leakdapike?

2min

Api Gateway

2min

What's the Best Practice for Authentication?

2min

10.

Is Monitoring and Detection a Good Approach for Api Testing?

1min

11.

Apise University

3min

12.

What Are the Common Pantasting Things?

3min

13.

Is There a Difference Between Regular and Cloud Hosted?

2min

14.

Grap Cel vs Graph Queue Language

2min

15.

Is There an Easy Way to Identify if Psa Is Using Rest or Graphicwell?

2min

16.

Grap Uel vs Rest?

2min

17.

Grapcal API - Does It Make Easier to Pentes?

2min

18.

What Should Be Public and Which Should Be Private?

4min

In this episode of the Virtual Coffee with Ashish edition, we spoke with Corey Ball (Corey's Twitter) about what does API in a modern software stack looks like and how these can be attacked and protected

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Corey Ball (Corey's Twitter)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News

- Cloud Security Academy

Spotify TimeStamp for Interview Questions

(00:00) Ashish's Intro to the Episode

(02:40) https://snyk.io/csp

(02:51) Corey's professional background

(03:11) Corey's journey to be cybersecurity author

(04:36) What is API and why its important in 2022?

(06:44) Is API is the backend or frontend pf applications?

(08:36) What are people doing wrong with APIs?

(12:16) Best Practice for API Security?

(13:20) Most surprising things being seen in API Security?

(14:35) How do you find API keys?

(16:07) API gateway as a security control point

(18:25) OWASP Top 10 API Security

(20:00) Monitoring and detecting for API Security

(20:57) How to approach pentesting APIs?

(22:35) Learn about API hacking

(25:22) API Security in the Cloud

(29:05) Rest API vs GraphQL

(34:27) Pentest by consuming application documentation

(36:10) Which APIs should be public?

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.