How Low-Tech Hackers Hack Your APIs in 15 Minutes or Less

Presented by Himanshu Dwivedi

It’s not easy to protect something you don’t know exists. How can companies inventory their APIs and protect them from potential attacks?

It is very hard, if not impossible, to secure something you don’t know exist. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day with little to reviews.

For example, a “dated trend” by effective yet lazy hackers is to search for API unknown by security teams, coined “Shadow APIs”, connect to these APIs, and extract data. While SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean “pay dirt” or “move on to the next target”, the same can be said for Shadow API….Find, Connect, Extract.

This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button (lines of code in python code :). Attendees will learn about a very basic yet non-so-obvious problem in securing data, and how hackers are using creative methods to steal large volumes of data.

Data Theorem needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.

How Low Tech Hackers Hack Your API in 15min or Less