OPEN TALK (API): Nightmare on API Street - How to Avoid one FinTech's Horror


Michael Isbitski
Salt Security, Technical Evangelist

Michael Isbitski is Technical Evangelist at Salt Security, helping to improve awareness and technical understanding in the area of API security. Prior to joining Salt, Michael was a Senior Director Analyst at Gartner for Technical Professionals (GTP). He researched and advised on a range of application security and infrastructure security topics including API security, security testing, secure design, secure SDLC, application protection, container security, Kubernetes security and secure continuous delivery. Michael also has more than 20 years of hands-on practitioner and leadership experience in the fields of application security, vulnerability management, risk assessment, enterprise architecture, and systems engineering.


APIs help drive efficiency and faster innovation so that organizations can support their business. Attackers also know this reality and zero in on APIs as a primary attack vector. The end result is a potential nightmare for organizations with API-driven business applications as they face the risks of data breach, privacy incident, and more.

In this session, we review first-hand API threat research gleaned from a large financial institution. Its SaaS platform provides API services to thousands of partner banks and financial advisors, and security researchers found many alarming API vulnerabilities. Researchers were able to demonstrate exploits of these vulnerabilities, showing that anyone could:

  • Read any financial records of any customer, despite lacking the proper authorization
  • Delete any customer’s user accounts across the financial platform
  • Tamper with authentication parameters and take over any account
  • Launch an application-level denial of service attack that would render entire applications unavailable
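The first two findings above share one root cause: the API looked up records by the identifier the client supplied and never checked whether the authenticated caller owned that object. The following is an added example (it is not code from the talk, from Salt Security, or from the institution studied) that puts the defective handler beside the hardened one and records authorization denials so that a spike of denials from one caller is visible to detection. All account data, principal names, and the `support_admin` role are constructed for the example.

```python
"""Object-level authorization for an account API: vulnerable vs. hardened.

Added example with constructed data; not from the talk or any real platform.
"""
from dataclasses import dataclass


def sample_accounts():
    """Constructed sample data: accounts belonging to two different customers."""
    return {
        "acct-1001": {"owner": "alice", "balance": 2500.00},
        "acct-1002": {"owner": "alice", "balance": 120.50},
        "acct-2001": {"owner": "bob", "balance": 9800.00},
    }


@dataclass(frozen=True)
class Principal:
    """The authenticated caller, as established by the gateway or auth layer."""
    user_id: str
    roles: frozenset = frozenset()


class ApiError(Exception):
    """Carries the HTTP status the handler would return."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


class VulnerableAccountService:
    """Lookup keyed only on the client-supplied id: any authenticated caller can
    read or delete any customer's account (broken object-level authorization)."""

    def __init__(self, store):
        self.store = store

    def get_account(self, principal, account_id):
        try:
            return self.store[account_id]
        except KeyError:
            raise ApiError(404, "not found") from None

    def delete_account(self, principal, account_id):
        self.get_account(principal, account_id)
        del self.store[account_id]
        return {"deleted": account_id}


class AccountService:
    """Hardened version: every object access is checked server-side against the
    authenticated principal, and every denial is written to an audit log."""

    def __init__(self, store):
        self.store = store
        self.audit = []  # in-memory stand-in for a log shipped to the SIEM

    def _authorize(self, principal, account_id, action):
        record = self.store.get(account_id)
        allowed = record is not None and (
            record["owner"] == principal.user_id
            or "support_admin" in principal.roles  # hypothetical privileged role
        )
        if not allowed:
            self.audit.append({"user": principal.user_id, "action": action,
                               "object": account_id, "result": "deny"})
            # Same 404 for "missing" and "not yours": a distinct 403 would
            # confirm to the caller that the identifier exists.
            raise ApiError(404, "not found")
        return record

    def get_account(self, principal, account_id):
        return self._authorize(principal, account_id, "read")

    def delete_account(self, principal, account_id):
        self._authorize(principal, account_id, "delete")
        del self.store[account_id]
        return {"deleted": account_id}


def denied_count_by_user(service):
    """Per-caller denial counts: the simplest signal for spotting id enumeration."""
    counts = {}
    for entry in service.audit:
        counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts
```

The ownership check lives in one place (`_authorize`) and both the read and the delete path go through it, so adding a new endpoint cannot silently skip it. Returning the same 404 for a missing object and for someone else's object keeps the response from leaking which identifiers are valid, while the audit entries give the security operations team a per-caller denial count to alert on.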
Unfortunately, this financial institution isn’t unique. Attend this session to gain insights into API security best practices to prevent this nightmare from being yours.