"In a world where business continuity is now an integral part of everyday life, the Journal provides a holistic look across all industries at how others manage risk. The insights provided are thought provoking and very practical. During its years of publication, the Journal has grown from strength to strength in both its readership and quality and depth of the challenging articles."
Think like a hacker: Reducing cyber security risk by improving api design and protection
Click the button below to download the full text of the article.
Abstract: Application programming interface (API) traffic now dominates the Internet. Unlike traditional web forms, APIs are faster and more powerful, but often do not get the correct protection — expanding the security risk for organisations. APIs connect people, places and things to create seamless integrations, richer experiences and new revenue models. This paper deals with when an API is misused, and stipulates how the exposure to an organisation can be significant. The paper discusses why it is no longer safe to assume APIs will be used as intended or remain hidden to prevent unauthorised access or abuse. To stay ahead of the next cyber security exploit, API developers need to start thinking like a hacker. The paper promotes a proactive approach to identifying, designing, managing and protecting APIs which will minimise the attack surface and prevent damaging data breaches.
KEYWORDS: API; attack surface; apps; Internet of Things (IoT); pen testing; hacking; web security