APIs help drive efficiency and faster innovation so that organizations can support their business. Attackers also know this reality and zone in on APIs as a primary attack vector. The end result is a potential nightmare for organizations with API-driven business applications as they face the risks of data breach, privacy incident, and more.
In this session, we review first hand API threat research gleaned from a large financial institution. Its SaaS platform provides API services to thousands of partner banks and financial advisors, and security researchers found many alarming API vulnerabilities. Researchers were able to demonstrate exploits of these vulnerabilities, showing that anyone could:
- Read any financial records of any customer, despite lacking the proper authorization
- Delete any customer’s user accounts across the financial platform
- Tamper with authentication parameters and take over any account
- Launch an application-level denial of service attack that would render entire applications unavailable
Unfortunately, this financial institution isn’t unique. Attend this session to gain insights into API security best practices to prevent this nightmare from being yours.