logo
episode-header-image
Oct 2024
16m 46s

The Haunted House of APIs - The Dark Cor...

Noah Labhart - Startup Founder & CTO
About this episode

The Haunted House of API's

Today, we are releasing another episode for Cybersecurity Awareness month, in our series entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

The Dark Corners of APIs: Uncovering Unknown APIs Lurking in the Shadows

Our episode today is titled The Dark Corners of APIs: Uncovering Unknown API’s lurking in the shadows, where we speak with Katie Paxton-Fear. APIs are the gateway to your digital infrastructure, but hidden deep in the recesses of your system are unknown APIs – shadow, rogue, zombie, and undocumented API’s. Each of these present a unique threat to your organization and can be exploited by hackers. Katie is an API hacker and researcher, and today, she will take us on a journey through the API graveyards, where hidden APIs lurk, waiting to be exploited – sharing real life examples of how these API’s have been attacked, and best practices for ensuring they don’t become your companies next security nightmare.

Discussion questions:

  1. Can you explain what we mean by "unknown APIs" and the different types, like shadow, rogue, zombie, and undocumented?
  2. Why do these APIs often go unnoticed, and how do they become security risks?
  3. What makes these APIs such an attractive target for attackers, and can you share an example of how one has been exploited?
  4. How can organizations begin to uncover these hidden APIs, and what tools or strategies are effective in doing so?
  5. In your experience, what are some common mistakes organizations make that lead to these unknown APIs being created or overlooked?

Sponsors

Links




Our Sponsors:
* Check out Kinsta: https://kinsta.com
* Check out Vanta: https://vanta.com/CODESTORY


Support this podcast at — https://redcircle.com/code-story/donations

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy
Up next
Aug 21
S11 Bonus: Goutham (Gou) Rao, Neubird
Goutham Rao grew up in Brooklyn, a nerd all his life. Back in the day, his Dad bought him a Commodore 64, from which he started to learn to write code in BASIC. Eventually, he attended the University of Pennsylvania to get his Masters in Computer Science. Outside of tech, he is m ... Show More
29m 48s
Aug 19
S11 E13: Matt Hamann, Rownd
Matt Hamann knew he was going to be in tech way back in his younger days. His Dad worked for IBM, so there were always fun things to talk about and play with. He got his first family computer when he was 4 years old, and started programming BASIC when he was 8. Eventually, they g ... Show More
23m 20s
Aug 14
S11 Bonus: Greg Shove, Section
Greg Shove was born in Canada, raised in Britain, and eventually moved to the United States. Through all of these places he lived, he learned to believe in equal access for people, never to quit, and to work hard and win - all of this, respectively. When he moved to California, h ... Show More
20m 29s
Recommended Episodes
Mar 2025
StackHawk and Shift-Left API Security with Scott Gerlach
APIs are a fundamental part of modern software systems and enable communication between services, applications, and third-party integrations. However, their openness and accessibility also make them a prime target for security threats, and this makes APIs a growing focus on softw ... Show More
46m 8s
Jun 2024
CISA's calls for a JCDC makeover.
CSAC recommends key changes to the  Joint Cyber Defense Collaborative. Cloud vendor Snowflake says single-factor authentication is to blame in their recent breach. Publishers sue Google over pirated ebooks. The FBI shares LockBit decryption keys. V3B is a phishing as a service ca ... Show More
29m 38s
Jun 25
Open-source, open season.
Cybercriminals target financial institutions across Africa using open-source tools. Threat actors are using a technique called Authenticode stuffing to abuse ConnectWise remote access software. A fake version of SonicWall’s NetExtender VPN app steals users’ credentials. CISA and ... Show More
32m 26s
Jan 2025
Crypto chameleons and star fraud.
On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware ... Show More
41m 52s
Aug 2024
From screen share to spyware.
Threat actors use a malicious Pidgin plugin to deliver malware. The BlackByte ransomware group is exploiting a recently patched VMware ESXi  vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a ... Show More
33m 35s
Jun 30
Episode 1: The Evolution of API Security, Shift Left Security and DevSecOps Integration
ePlus Security + F5 API Security Podcast Series where ePlus’ David Tumlin and F5’s Chuck Herrin share why visibility is the foundation of modern security—and how together, ePlus & F5 are helping organizations manage the real challenges of API security in today’s hybrid, multi-clo ... Show More
16m 54s
Nov 2024
151: Chris Rock
Chris Rock is known for being a security researcher. But he’s also a black hat incident responder. He tells us about a job he did in the middle east.https://x.com/chrisrockhackerSponsorsSupport for this show comes from Varonis. Do you wonder what your company’s ransomware blast r ... Show More
57m 57s
Oct 2024
No more “cyber Snorlax” naps.
Microsoft describes a macOS vulnerability. A trio of healthcare organizations reveal data breaches affecting nearly three quarters a million patients. Group-IB infiltrates a ransomware as a service operation. Instagram rolls out new measures to combat sextortion schemes. Updates ... Show More
35m 27s
May 2023
Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.
Babuk source code provides criminal inspiration. CISA and FBI release a joint report on PaperCut. There are more bad bots out there than anyone would like. Phishing-as-a-service tools in the C2C market. CISA’s Eric Goldstein advocates the adoption of strong controls, defensible n ... Show More
27m 30s
Feb 2025
DeepSeek AI Controversies, Shadow AI Risks: Cyber Security Today for Wednesday February 5, 2025
In this episode of Cybersecurity Today with Jim Love, explore the growing concerns surrounding DeepSeek AI's censorship and lack of guardrails, the rise of 'Shadow AI' in workplaces, and how cybercriminals exploit major cloud providers like AWS and Azure. Learn about a phishing s ... Show More
10m 4s
Listen to millions of songs and podcasts on Anghami