Security is Key: The Vulnerabilities of API Security
12-09, 10:00–10:45 (Europe/London), Track 2

APIs are one of the most popular development tools used today, so it is no surprise they have become a significant target for threat actors. Supported by API development tools and platforms, developers can now easily make and share APIs with others in the community.

This talk will explore the core security issues facing the API security landscape, including how, through common vulnerabilities, APIs can be misused. I will also show how not only are traditional vulnerabilities an issue, but also the attitude towards security of APIs. This will be explored through my personal experience, having found a series of exposed keys on a global API development platform. I will discuss how I found these leaked API keys, and how through communication with the company themselves, extra protection measures were put in place to ensure the security of the API development community.

Joe Wrieden is a Computer Science graduate from the University of York, who has been involved in the security sector for over three years. Over this time Joe has become fascinated with how threat actors operate, and the techniques that can be used to track cybercriminal activity. He now works as an Intelligence Analyst for Cyjax, a UK-based Cyber Threat Intelligence company, where he has found a passion for writing and presenting on cyber security topics. His research specifically focuses on following threat actor activity and the security concerns in the cryptocurrency and blockchain landscape.