Podcast

21: Troy Hunt: Hack Your API-Security Testing

By Test Guild
  • Share:
Join the Guild for FREE
Troy Hunt Security Testing

How to hack your APIs  Are you doing all you can to ensure that your APIs are secure? If you haven’t started security testing yet, now is the time. It is estimated that by 2020 there will be more than 50 billion objects connected to the Internet, and most of those objects will be using APIs. Not sure where to start?

Troy Hunt, author of the Pluralsight course Hack Your API First, shares all you need to know about the basics of API security testing, including the tools and techniques you’ll need to quickly get started. Troy’s motto is, “Hack yourself before you get hacked!”

About Troy Hunt

TroyHunt

Troy is a Software Architecture Lead for a Fortune 50 healthcare company, Microsoft MVP for Developer Security and ASPInsider who's been building software for browsers since the very early days of the web. He blogs regularly about web security at troyhunt.com and is the author of the OWASP Top 10 for .NET developers series and the free eBook of the same name. He's also a frequent conference speaker and the creator of the Automated Security Analyzer for ASP.NET Websites (ASafaWeb) at asafaweb.com. Away from electronic devices, Troy is an avid snowboarder, windsurfer, tennis player and regular motor sport participant.

Quotes & Insights from this Test Talk

  • The earlier we can find security issues in the APIS we’re developing, the better.
  • It’s a good idea to have a dedicated security professional on your team.
  • The life of an app doesn’t end after we release; ongoing, continuous monitoring is always a good idea.
  • Never get lulled into thinking your API/Application is safe; it’s kind of like saying your car is safe. Validation is needed on the client and the server.
  • Just look at the HTTP request and forget about the client, and see what you can find.
  • You’ve got to assume that an attacker owns the device and the connection, and he can manipulate anything on either the client or server side.
  • Not expecting your services to be discoverable is a common blind spot in API security.
  • Returning excessive data is a common issue with Rest service security.

Resources

Tools

Connect with Troy

May I Ask You For a Favor? Thanks again for listening to the show. If it has helped you in any way, shape or form, please share it using the social media buttons you see on the page. Additionally, reviews for the podcast on iTunes are extremely helpful and greatly appreciated! They do matter in the rankings of the show and I read each and every one of them.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. Thank you very much Joe for the great work that you are doing for the testing community.
    This particular episode opened my eyes to ways to detect software security loopholes and i would definitely recommend listeners to listen to it.
    Keep up the good work, Joe

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

267: Smart Test Execution with Eran Sher

Posted on 08/25/2019

Do you run an entire automation test for every build because you don’t ...

266: Automation Journey and TestNG with Rex Jones II

Posted on 08/18/2019

In this episode we’ll test talk with Rex Jones about his automation testing ...

265: TestProject a Community Testing Platform with Mark Kardashov

Posted on 08/11/2019

In this episode, we’ll talk to Mark Kardashov, CEO and Co-Founder of TestProject, ...