Application Security Weekly (Audio)

Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300

Sep 24, 2024

David Holmes, an expert in API security and bot attack strategies, dives into the urgent threats posed by vulnerable APIs and sophisticated bot attacks. He reveals that a staggering 71% of internet traffic is API-related, highlighting the complexities of protecting these entry points. Holmes discusses recent trends in API bot attacks, the economic fallout of security failures, and the necessity of proactive monitoring. The conversation emphasizes innovative defense strategies and the critical need for effective API management to combat these evolving threats.

01:07:51

Creator website

Episode guests

David Holmes

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The rise of API interactions in web traffic necessitates better discovery and security strategies to minimize vulnerability exposure.

Financial motivations behind bot attacks highlight the urgent need for companies to implement monitoring and anomaly detection measures.

Shadow APIs pose significant risks due to lack of maintenance, emphasizing the importance of inventory strategies for effective API security management.

Deep dives

Importance of API Security

API security has become increasingly critical as the majority of internet traffic consists of API interactions. The average company has over 600 API endpoints, of which many remain undocumented or unmaintained, making them susceptible to attacks. Research indicates that larger companies experience up to 40% of their cyber incidents as API-related attacks, highlighting the growing threat landscape. Developing a strategy for API discovery, maintenance, and security is essential for organizations to effectively mitigate these risks.

Intro

4min

Navigating API Security Challenges

26min

Navigating API Security Challenges and Observability

2min

Understanding API Bot Attack Trends and Security Implications

3min

Navigating API Security Challenges

7min

Navigating Memory Safety and Fuzzing in Legacy Code

4min

Streamlining Data Validation in Modern Programming

2min

Understanding Image Format Vulnerabilities

21min

APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their widespread use has made them prime targets for attackers, especially those deploying sophisticated bots. When these bots exploit business logic, they can cause considerable financial and reputational damage. In this discussion, David Holmes offers insights into the latest trends in API and bot attacks and provides strategies to defend against these threats.

Segment Resources:

The Economic Impact of API and Bot Attacks: https://www.imperva.com/resources/resource-library/reports/the-economic-impact-of-api-and-bot-attacks/
The True Cost of API Insecurity and Bot Attacks in 2024: https://www.imperva.com/resources/resource-library/webinars/the-true-cost-of-api-insecurity-and-bot-attacks-in-2024/

This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

In the news, fuzzing network traffic in OpenWRT, parsing problems lead to GitLab auth bypass, more fuzzing finds vulns in a JPEG parser, and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-300

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Application Security Weekly (Audio)

Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Importance of API Security

Bot Attacks and Their Impact

Shadow APIs and Their Challenges

The Need for Instrumenting APIs

Cost of Attacks and Effective Defenses

Remember Everything You Learn from Podcasts