Code Story

The Haunted House of APIs - The Dark Corners of APIs with Katie Paxton-Fear

Oct 23, 2024

16:46

The Haunted House of API's

Today, we are releasing another episode for Cybersecurity Awareness month, in our series entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

The Dark Corners of APIs: Uncovering Unknown APIs Lurking in the Shadows

Our episode today is titled The Dark Corners of APIs: Uncovering Unknown API’s lurking in the shadows, where we speak with Katie Paxton-Fear. APIs are the gateway to your digital infrastructure, but hidden deep in the recesses of your system are unknown APIs – shadow, rogue, zombie, and undocumented API’s. Each of these present a unique threat to your organization and can be exploited by hackers. Katie is an API hacker and researcher, and today, she will take us on a journey through the API graveyards, where hidden APIs lurk, waiting to be exploited – sharing real life examples of how these API’s have been attacked, and best practices for ensuring they don’t become your companies next security nightmare.

Discussion questions:

Can you explain what we mean by "unknown APIs" and the different types, like shadow, rogue, zombie, and undocumented?
Why do these APIs often go unnoticed, and how do they become security risks?
What makes these APIs such an attractive target for attackers, and can you share an example of how one has been exploited?
How can organizations begin to uncover these hidden APIs, and what tools or strategies are effective in doing so?
In your experience, what are some common mistakes organizations make that lead to these unknown APIs being created or overlooked?