API = Auth Poorly Implemented

Zach Lanier
January 27, 2015

Who doesn’t love a robust, easy-to-use, well-documented API? The ability to plug right into an application, a service, or an infrastructure, especially in a secure way, is a marvelous feeling. But what about those mild (and not so mild) oversights? Implementation flaws? Security bugs? Legacy APIs being “integrated” with new, flashy RESTful APIs?

In this talk, we’ll highlight some real-world examples of web-related API security problems, notably surrounding authentication and authorization issues in targets ranging from a big online payment shop to an embedded device’s backend infrastructure (and a slew of things in between).

