Sherlock Holmes vs Cybersecurity Hacker – API Security Keys

🕵️ Brenton House delivers captivating DeveloperWeek Cloud Keynote presentation on Sherlock Holmes vs The #Cybersecurity Hacker. BONUS: API Hacking Tools Reviewed! 👇🏻👇🏻 Follow the Clues Below! 👇🏻👇🏻

Welcome to API Hacking 101.

▬▬▬▬▬ 🟣 API SECURITY 🟣 ▬▬▬▬▬
APIs are everywhere and #API Security has never been more important than it is right now. API abuses have risen in the past few years and it is difficult to go even a week without reading about another API that has been attacked. By securing your APIs using API Security solutions and API Management best practices, you can mitigate attacks and protect your organization, your customers, your data, and your reputation. So what are API Security Shift Left and Shield Right?

▬▬▬▬▬ 🟢 WHAT IS OWASP? 🟢 ▬▬▬▬▬
OWASP stands for "Open Web Application Security Project"; it is an international non-profit organization dedicated to web application security.

It is important to apply API Security best practices to your cybersecurity strategy.

▬▬▬▬▬ ⏪ SHIFT LEFT ⏪ ▬▬▬▬▬
"Shift Left" refers to shifting your security focus to the beginning of the API Lifecycle process. Integrating security into the design and development of an API helps protect it in every other step of the API Lifecycle, all the way to the retirement of the API.

▬▬▬▬▬ ⏩ SHIELD RIGHT ⏩ ▬▬▬▬▬
"Shield Right" refers to the emphasis on continuing to protect your APIs at runtime and beyond. It uses AI/ML and defined algorithms and policies to provide a defense against unknown attacks.

▬▬▬▬▬ 🔴 WHAT IS API Penetration Testing? 🔴 ▬▬▬▬▬
API penetration testing is an ethical hacking process to assess the security of the API design. API tests involve attempting to exploit identified issues and reporting them to strengthen the API to prevent unauthorized access or a data breach.

▬▬▬▬▬ 🟡 OWASP API SECURITY 🟡 ▬▬▬▬▬
What is the #OWASP Top 10 for #APIsecurity?
⭐ Broken Object Level Authorization
⭐ Broken User Authentication
⭐ Excessive Data Exposure
⭐ Lack of Resources & Rate Limiting
⭐ Broken Function Level Authorization
⭐ Mass Assignment
⭐ Security Misconfiguration
⭐ Injection
⭐ Improper Assets Management
⭐ Insufficient Logging & Monitoring

▬▬▬▬▬ 💀 API Hacker Resources 💀 ▬▬▬▬▬
💀 Postman
💀 Charles Proxy
💀 MobSF
💀 Frida
💀 MITM
💀 OSINT Tools

▬▬▬▬▬ 🔵 BONUS LINKS 🔵 ▬▬▬▬▬
⚡ So you think your API is secure? 👉🏼 https://api2.day/api-security
⚡ What is API Security 👉🏼 https://api2.day/what-is-api-security
⚡ OWASP 👉🏼 https://api2.day/owasp
⚡ OWASP Top Ten List for API Security 👉🏼 https://api2.day/owasp-top-10-api
⚡ OWASP Top Ten List for Web Applications 👉🏼 https://api2.day/owasp-top-ten
⚡ Free Trial for webMethods API Gateway 👉🏼 https://api2.day/webmethods-api

▬▬▬▬▬ 🟠 WHAT IS AN API? 🟠 ▬▬▬▬▬
Basically, it is non-human systems that talk to each other in an agreed-upon way! API Management, which includes things like API Gateway and API Developer Portal, allows your APIs to scale while prioritizing API Security. This is all part of API First methodology which helps drive the API Economy. Learning to treat your API as a Product, with proper budget, resources, and management, helps organizations succeed in releasing API Platforms that users, customers, and developers LOVE!

▬▬▬▬ 📕 CHAPTERS 📕 ▬▬▬▬
00:00 ▶️ API Cybersecurity Presentation Intro
00:46 ▶️ Jonathan Pasky – #DevNetwork
01:32 ▶️ Breaking Cybersecurity News
02:53 ▶️ Brenton House – Cybersecurity Detective
03:38 ▶️ Sherlock Holmes Cybersecurity
04:10 ▶️ Know your Resource
04:44 ▶️ Know your Situation
06:18 ▶️ Know your Adversary
06:54 ▶️ Sherlock API Security #Detective Exam
07:51 ▶️ Case Study – Peloton API Breach
08:42 ▶️ Peloton API Security Failure Timeline
10:35 ▶️ Peloton – API Resources
17:51 ▶️ Peloton – API Situation
22:41 ▶️ Peloton – API Adversaries
23:03 ▶️ Blue Team – API Security Tools
24:12 ▶️ Red Team – API Hacking Tools
25:20 ▶️ Burp Suite
26:16 ▶️ Charles Proxy
28:49 ▶️ Man-in-the-Middle #Proxy
33:54 ▶️ API Cybersecurity Bonus
34:54 ▶️ API Cybersecurity Videos
36:34 ▶️ API Cybersecurity Content
38:15 ▶️ API #Hacking Book #Giveaway

Source by Brenton House