Modern applications make liberal use of APIs and micro services which are powering mobile apps like Twitter and Facebook and providing rich client experiences like Gmail. APIs are what connect the billions of Internet of Things (IoT) devices to the cloud where the data they collect is processed, crunched, and made useful. As great as APIs are for developers and end users, they have created some very serious challenges for security experts. All too often, APIs are going completely untested, leaving vulnerabilities undiscovered. Unfortunately, APIs carry the exact same security risks that we have been fighting with web applications for years. They enable traffic to pass through normal corporate defenses like network firewalls, and just like web applications, they are vulnerable to SQL injection, XSS, and many of the attacks we’re used to because they access sensitive corporate data and pass it back and forth to all kinds of applications.

Watch this webcast to learn:

• Why APIs create very serious challenges for security experts
• How SQL injection and other vulnerabilities hide in APIs and micro services
• How you can begin to understand and test your APIs
• Some of the latest techniques in API security testing

Speakers: Kim Dinerman, Senior Product Marketing Manager at Rapid7 and Scott Davis, Application Security Researcher at Rapid7