
Sign up to save your podcasts
Or
TNS host Heather Joslyn sits down with Ron Masas to discuss trade-offs when it comes to creating fast, secure applications and APIs. He notes a common issue of neglecting documentation and validation, leading to vulnerabilities. Weak authorization is a recurring problem, with instances where changing an invoice ID could expose another user's data.
Masas, an ethical hacker, highlights the risk posed by "zombie" APIs—applications that have become disused but remain potential targets. He suggests investigating frameworks, checking default configurations, and maintaining robust logging to enhance security. Collaboration between developers and security teams is crucial, with "security champions" in development teams and nuanced communication about vulnerabilities from security teams being essential elements for robust cybersecurity.
For further details, the podcast discusses case studies involving TikTok and Digital Ocean, Masas's views on AI and development, and anticipated security challenges.
Learn more from The New Stack about Imperva and API security:
What Developers Need to Know about Business Logic Attacks
Why Your APIs Aren’t Safe — and What to Do about It
The Limits of Shift-Left: What’s Next for Developer Security
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
4.3
3131 ratings
TNS host Heather Joslyn sits down with Ron Masas to discuss trade-offs when it comes to creating fast, secure applications and APIs. He notes a common issue of neglecting documentation and validation, leading to vulnerabilities. Weak authorization is a recurring problem, with instances where changing an invoice ID could expose another user's data.
Masas, an ethical hacker, highlights the risk posed by "zombie" APIs—applications that have become disused but remain potential targets. He suggests investigating frameworks, checking default configurations, and maintaining robust logging to enhance security. Collaboration between developers and security teams is crucial, with "security champions" in development teams and nuanced communication about vulnerabilities from security teams being essential elements for robust cybersecurity.
For further details, the podcast discusses case studies involving TikTok and Digital Ocean, Masas's views on AI and development, and anticipated security challenges.
Learn more from The New Stack about Imperva and API security:
What Developers Need to Know about Business Logic Attacks
Why Your APIs Aren’t Safe — and What to Do about It
The Limits of Shift-Left: What’s Next for Developer Security
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
272 Listeners
284 Listeners
152 Listeners
40 Listeners
9 Listeners
621 Listeners
3 Listeners
441 Listeners
4 Listeners
202 Listeners
987 Listeners
189 Listeners
181 Listeners
192 Listeners
62 Listeners
47 Listeners
75 Listeners
63 Listeners