Think like a hacker: Reducing cyber security risk by improving API design and protection
Abstract
Application programming interface (API) traffic now dominates the Internet. Unlike traditional web forms, APIs are faster and more powerful, but often do not get the correct protection, which expands the security risk for organisations. APIs connect people, places and things to create seamless integrations, richer experiences and new revenue models. This paper deals with what happens when an API is misused, and sets out how significant the exposure to an organisation can be. The paper discusses why it is no longer safe to assume that APIs will be used as intended, or that they will remain hidden and so be safe from unauthorised access or abuse. To stay ahead of the next cyber security exploit, API developers need to start thinking like a hacker. The paper promotes a proactive approach to identifying, designing, managing and protecting APIs which will minimise the attack surface and prevent damaging data breaches.
The full article is available to subscribers to the journal.
Author's Biography
Gerhard Giese is Industry Strategist at Akamai Technologies. Gerhard started at Akamai in 2010 and is now manager in the Financial Sector, responsible for customer advisory, information sharing and consulting. With more than 20 years’ experience in the security field, Gerhard has accumulated in-depth expertise in network security as well as distributed denial of service (DDoS) mitigation and data theft prevention. He continues to interact directly with clients as a trusted security adviser, to identify the most pressing challenges for online businesses. In addition, Gerhard regularly delivers talks at industry conferences and works as an independent consultant for federal state authorities such as the German Ministry of IT Defence. Prior to Akamai, Gerhard was a senior network engineer at McAfee. Gerd holds CISSP and CCSP certifications and is a certified ethical hacker.