BROADCASTS.com

b'

It is hard, if not impossible, to secure something you don\\u2019t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day against flaws in code that receives little review. For example, a \\u201cdated trend\\u201d by effective yet lazy hackers is to search for APIs unknown by security teams, coined \\u201cShadow APIs\\u201d, then connect to these APIs and extract data. SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean pay dirt or \\u201cmove on to the next target\\u201d. Now the same can be said for Shadow API: Find, Connect, Extract. Himanshu will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button or a few lines of code in Python.

\\xa0

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw181