IEEE Women in Engineering

Loading Events

« All Events

  • This event has passed.

How Low-Tech Hackers Hack Your APIs in 15 Min or Less

June 3 @ 6:30 pm - 7:30 pm

Hear from a former hacker on how to stay secure in an era where mobile apps and APIs are most vulnerable It is very hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day with little to reviews. For example, a “dated trend” by effective yet lazy hackers is to search for API unknown by security teams, coined “Shadow APIs”, connect to these APIs, and extract data. While SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean “pay dirt” or “move on to the next target”, the same can be said for Shadow API….Find, Connect, Extract. This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button – or lines of code in python :). Attendees will learn about a very basic yet non-so-obvious problem in securing data, and how hackers are using creative methods to steal large volumes of data. Speaker(s): Himanshu Dwivedi, Sophia Napp-Vega Agenda: Hear from a former hacker on how to stay secure in an era where mobile apps and APIs are most vulnerable About this event It is very hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day with little to reviews. For example, a “dated trend” by effective yet lazy hackers is to search for API unknown by security teams, coined “Shadow APIs”, connect to these APIs, and extract data. While SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean “pay dirt” or “move on to the next target”, the same can be said for Shadow API….Find, Connect, Extract. This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button – or lines of code in python :). Attendees will learn about a very basic yet non-so-obvious problem in securing data, and how hackers are using creative methods to steal large volumes of data. Santa Clara, California, United States, Virtual: https://events.vtools.ieee.org/m/273719

IEEE WIE
X
X