Oct 2024
16m 46s

The Haunted House of APIs - The Dark Cor...

Noah Labhart - Startup Founder & CTO
About this episode

The Haunted House of API's

Today, we are releasing another episode for Cybersecurity Awareness Month, in our series entitled The Haunted House of APIs, sponsored by our friends at Traceable AI. In this series, we are building awareness around APIs, their security risks, and what you can do about them. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your APIs with contextual API security, enabling organizations to minimize risk and maximize the value APIs bring to their customers.

The Dark Corners of APIs: Uncovering Unknown APIs Lurking in the Shadows

Our episode today is titled The Dark Corners of APIs: Uncovering Unknown APIs Lurking in the Shadows, where we speak with Katie Paxton-Fear. APIs are the gateway to your digital infrastructure, but hidden deep in the recesses of your system are unknown APIs: shadow, rogue, zombie, and undocumented APIs. Each of these presents a unique threat to your organization and can be exploited by attackers. Katie is an API hacker and researcher, and today she will take us on a journey through the API graveyards, where hidden APIs lurk, waiting to be exploited, sharing real-life examples of how these APIs have been attacked, and best practices for ensuring they don't become your company's next security nightmare.

Discussion questions:

  1. Can you explain what we mean by "unknown APIs" and the different types, like shadow, rogue, zombie, and undocumented?
  2. Why do these APIs often go unnoticed, and how do they become security risks?
  3. What makes these APIs such an attractive target for attackers, and can you share an example of how one has been exploited?
  4. How can organizations begin to uncover these hidden APIs, and what tools or strategies are effective in doing so?
  5. In your experience, what are some common mistakes organizations make that lead to these unknown APIs being created or overlooked?


Our Sponsors:
* Check out Kinsta: https://kinsta.com
* Check out Vanta: https://vanta.com/CODESTORY


Support this podcast at — https://redcircle.com/code-story/donations

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy