How Low-Tech Hackers Hack Your APIs in 15 Min or Less


Hear from a former hacker on how to stay secure in an era where mobile apps and APIs are most vulnerable

It is very hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day with little review. For example, a “dated trend” among effective yet lazy hackers is to search for APIs unknown to security teams, coined “Shadow APIs”, connect to these APIs, and extract data. While SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean “pay dirt” or “move on to the next target”, the same can be said for Shadow APIs: Find, Connect, Extract. This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button - or a few lines of Python code :). Attendees will learn about a very basic yet not-so-obvious problem in securing data, and how hackers are using creative methods to steal large volumes of data.



  Date and Time

  • Date: 03 Jun 2021
  • Time: 06:30 PM to 07:30 PM
  • All times are (UTC-08:00) Pacific Time (US & Canada)

  Location

IEEE SCV Zoom account

  • Santa Clara, California
  • United States



  Speakers

Himanshu Dwivedi, CEO of Data Theorem, Inc.

Topic:

How Low-Tech Hackers Hack Your APIs in 15 Min or Less

Biography:

Himanshu Dwivedi is the CEO of Data Theorem, Inc., an application security company focusing on mobile apps (iOS & Android), APIs (RESTful), Cloud Apps (Serverless), and Single Page WebApps (SPAs). Himanshu has been an avid start-up entrepreneur since 1999, when he and 3 friends started the west coast office of @stake, an information security firm that was later acquired by Symantec. In 2004, Himanshu co-founded iSEC Partners, an application security company that was acquired by the NCC Group in 2010. Himanshu has several publications, including six different books (Mobile Application Security, Hacking VoIP, Hacking Exposed: Web 2.0, Hacker's Challenge 3, Storage Security, and Implementing SSH), and holds one patent (Patent number 7849504). He has also presented at numerous conferences, including six times at BlackHat. Himanshu received a B.S. from the Carlson School of Management (University of Minnesota), where he was awarded the Tomato Can Loving Cup Award, which is given to the school's top graduating student.

Sophia Napp-Vega

Biography:

Sophia Napp-Vega is a policy-minded student of history and an advocate for equal rights in all forms. Their areas of interest include astronomy, literature, art and language, US and World history and policy and politics. They have a particular focus on the intersection of technology and policy, especially within the context of equal rights.
