Staying secure in an era where mobile apps and APIs are most vulnerable. It is very hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that may be exploitable in the future, basic attacks occur daily with little to no reviews. For example, a “dated trend” by effective yet lazy hackers is to search for APIs unknown by security teams, coined “Shadow APIs”, connect to these APIs, and extract data.
This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button – or lines of Python code. Attendees will learn about a very basic yet non-so-obvious problem in securing data and how hackers are using creative methods to steal large volumes of data.
Igor Matlin - Solutions Architect, Data Theorem
Developer, traveler, and mobile technology junkie with over 25 years experience in high-tech companies as a software engineer, product manager, and solutions architect. Before joining Data Theorem as a Solutions Architect, Igor worked for application security vendors Checkmarx and Coverity (Synopsys). Prior to jumping head-first into the appsec space, he contributed to mobile technologies at Myriad Group, a leading mobile software company, and mobile browser developer Novarra, acquired by Nokia in 2010.
Google Developer Group Schaumburg