24 October 2024

The Haunted House of APIs - The Haunted Web of APIs with Richard Bird

About

The Haunted House of API's

Today, we are releasing another episode for Cybersecurity Awareness month, in our series entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

The Haunted Web: Navigating API Sprawl and Creepy Crawlers

Today’s episode is titled The Haunted Web: Navigating API Sprawl and Creepy Crawlers, with Traceable’s Chief Security Officer, Richard Bird. As organizations scale and evolve, so does the complexity of their APIs. API sprawl, the uncontrolled expansion of APIs, creates a tangled web where vulnerabilities linger in the shadows. These unseen APIs become “creepy crawlers” of your digital infrastructure, creeping through your systems and posing security risks. Richard will discuss how unmanaged and undocumented APIs contribute to blind spots in security, the risks they create for organizations and the best strategies for securing a sprawling ecosystem.

Discussion questions:

Can you explain what we mean by "unknown APIs" and the different types, like shadow, rogue, zombie, and undocumented?Why do these APIs often go unnoticed, and how do they become security risks?What makes these APIs such an attractive target for attackers, and can you share an example of how one has been exploited?How can organizations begin to uncover these hidden APIs, and what tools or strategies are effective in doing so?In your experience, what are some common mistakes organizations make that lead to these unknown APIs being created or overlooked?