API Abuse – The Anatomy of An Attack

David Stewart, Approov/CriticalBlue

Gartner’s statement that “By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications” is often quoted, but what does an API abuse attack actually look and feel like?

At last year’s Platform Summit, I described 3 different types of API abuse at a high level, summarizing who abuses and why.

This year I will go into anatomical and forensic detail on one specific API abuse attack based on our real experiences, explaining what it looked and felt like through the exploration and probing phase, into the setup and test stage, and finally into at-scale exploitation.

Remembering that API abuse attacks are often carried out at low frequency and with valid user credentials and API keys, the audience will be challenged to consider how their API defense mechanisms would cope against bad actors behaving as described.
Attendees may feel the need to contact their home offices after this presentation, just to check a few things…
