Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]
Manage episode 317612441 series 2394076
This episode features guest Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discussing findings on severe API vulnerabilities in U.S. banking applications research that was conducted by Alissa and funded by Noname Security. The research, “Scorched Earth: Hacking Bank APIs,” unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries.
In her Money 20/20 keynote presentation entitled “Scorched Earth: Hacking Bank APIs”. In her presentation, Alissa revealed that she was able to gain access to 55 different banks and change PIN codes and move money in and out of accounts. Three lessons learned include: API security vulnerabilities affect all enterprises, API security needs to be operationalized across the enterprise, and API security requires posture management, runtime security, and active testing.
Details can be found here:
- White paper: Hacking Banks and Cryptocurrency Exchanges Through Their APIs
- Blog post: 3 API Security Lessons from “Scorched Earth: Hacking Bank APIs”
- Press release: New Research Shows Vulnerabilities in Banking, Cryptocurrency Exchange, and FinTech APIs Allow Unauthorized Transactions and PIN Code Changes of Customers
- Alissa's presentation at Money 20/20.
2863 tập
Manage episode 317612441 series 2394076
This episode features guest Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discussing findings on severe API vulnerabilities in U.S. banking applications research that was conducted by Alissa and funded by Noname Security. The research, “Scorched Earth: Hacking Bank APIs,” unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries.
In her Money 20/20 keynote presentation entitled “Scorched Earth: Hacking Bank APIs”. In her presentation, Alissa revealed that she was able to gain access to 55 different banks and change PIN codes and move money in and out of accounts. Three lessons learned include: API security vulnerabilities affect all enterprises, API security needs to be operationalized across the enterprise, and API security requires posture management, runtime security, and active testing.
Details can be found here:
- White paper: Hacking Banks and Cryptocurrency Exchanges Through Their APIs
- Blog post: 3 API Security Lessons from “Scorched Earth: Hacking Bank APIs”
- Press release: New Research Shows Vulnerabilities in Banking, Cryptocurrency Exchange, and FinTech APIs Allow Unauthorized Transactions and PIN Code Changes of Customers
- Alissa's presentation at Money 20/20.
2863 tập
Tất cả các tập
×Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.