In this episode of the Virtual Coffee with Ashish edition, we spoke with Corey Ball (Corey's Twitter) about what does API in a modern software stack looks like and how these can be attacked and protected

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Corey Ball (Corey's Twitter)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

Spotify TimeStamp for Interview Questions

(00:00) Ashish's Intro to the Episode

(02:40) https://snyk.io/csp

(02:51) Corey's professional background

(03:11) Corey's journey to be cybersecurity author

(04:36) What is API and why its important in 2022?

(06:44) Is API is the backend or frontend pf applications?

(08:36) What are people doing wrong with APIs?

(12:16) Best Practice for API Security?

(13:20) Most surprising things being seen in API Security?

(14:35) How do you find API keys?

(16:07) API gateway as a security control point

(18:25) OWASP Top 10 API Security

(20:00) Monitoring and detecting for API Security

(20:57) How to approach pentesting APIs?

(22:35) Learn about API hacking

(25:22) API Security in the Cloud

(29:05) Rest API vs GraphQL

(34:27) Pentest  by consuming application documentation

(36:10) Which APIs should be public?