A Their Story interview with Sean Martin and Marco Ciappelli
Guest: Jason Kent
The organization telling us their story today is Cequence Security.
Get ready for history to repeat itself. The down and dirty story of web application security.
We’ve had a real problem getting the web to run securely, and we still have challenges with web application security—it should not come as a surprise to anyone that, while this environment is getting better, it is still largely misunderstood.
Even though we’ve raised awareness for DevSecOps over the years, we still see issues with the OWASP Top 10 (as one measuring stick). However, while we continue to try to figure out that space, we've pretty much gotten to the point where most of the big-ticket items are taken care of (by those who take it seriously, anyway).
However, since we are humans, we seem to be repeating all of these same mistakes in a different part of the application world—the API layer. We're forgetting that the API layer is really meant for computer-to-computer communications, which changes the game for how we approach authentication, access control, communications, instructions, behaviors, and more. As one example, something as basic as rate limiting can become a real problem if it is not addressed: an API client can issue requests far faster than a human in a browser ever would.
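As an added illustration of the rate-limiting point above (this is example code written for this page, not code from Cequence Security or from the interview), here is a per-client token-bucket limiter of the kind an API gateway would apply in front of an endpoint. The client identifier, the bucket sizes and the simulated burst are all constructed for the example; an injectable clock makes the behaviour deterministic so it can be checked offline.

```python
import time


class FakeClock:
    """Deterministic stand-in for time.monotonic() used by the demo below."""

    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class ApiRateLimiter:
    """Token bucket per client: `capacity` tokens max, refilled at
    `refill_per_sec`. Each request costs one token; requests that find
    an empty bucket are rejected (an API would answer HTTP 429)."""

    def __init__(self, capacity, refill_per_sec, clock=time.monotonic):
        self.capacity = float(capacity)
        self.refill = float(refill_per_sec)
        self.clock = clock
        self._buckets = {}  # client_id -> (tokens, last_update_ts)

    def _refreshed_tokens(self, client_id, now):
        tokens, last = self._buckets.get(client_id, (self.capacity, now))
        return min(self.capacity, tokens + (now - last) * self.refill)

    def allow(self, client_id):
        """Consume one token for client_id; True if the request may proceed."""
        now = self.clock()
        tokens = self._refreshed_tokens(client_id, now)
        if tokens >= 1.0:
            self._buckets[client_id] = (tokens - 1.0, now)
            return True
        self._buckets[client_id] = (tokens, now)
        return False

    def retry_after(self, client_id):
        """Seconds until the client has a whole token again (for Retry-After)."""
        now = self.clock()
        tokens = self._refreshed_tokens(client_id, now)
        if tokens >= 1.0:
            return 0.0
        return (1.0 - tokens) / self.refill


def simulate_burst(limiter, client_id, n_requests, clock, spacing_sec):
    """Fire n_requests from one client, spaced by spacing_sec on the fake
    clock; returns (allowed, rejected) so the effect of the limit is visible."""
    allowed = rejected = 0
    for _ in range(n_requests):
        if limiter.allow(client_id):
            allowed += 1
        else:
            rejected += 1
        clock.advance(spacing_sec)
    return allowed, rejected


if __name__ == "__main__":
    clock = FakeClock()
    limiter = ApiRateLimiter(capacity=5, refill_per_sec=1.0, clock=clock)
    # Constructed scenario: a script sends 8 requests in the same instant.
    print("instant burst:", simulate_burst(limiter, "client-a", 8, clock, 0.0))
    print("retry after:", limiter.retry_after("client-a"), "s")
    clock.advance(3.0)
    print("after 3 s:", simulate_burst(limiter, "client-a", 8, clock, 0.0))
    # A different client has its own bucket and is unaffected.
    print("other client allowed:", limiter.allow("client-b"))
```

The design choice worth noting is that the bucket is keyed per client (API key, token subject or source address, whichever the gateway authenticates), so one misbehaving automated client is throttled without affecting the others, and `retry_after` gives the value to put in a 429 response rather than leaving the client to guess.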
To help us understand this world better, have a listen to Jason Kent, Hacker in Residence at Cequence Security, as he shares some of the fun ways he hacks on applications—namely through their APIs.