Start / Cloud Security Podcast / Api security best practices 2022

API SECURITY BEST PRACTICES 2022

40 min • 5 september 2022

In this episode of the Virtual Coffee with Ashish edition, we spoke with Corey Ball (Corey's Twitter) about what does API in a modern software stack looks like and how these can be attacked and protected

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Corey Ball (Corey's Twitter)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News

- Cloud Security Academy

Spotify TimeStamp for Interview Questions

(00:00) Ashish's Intro to the Episode

(02:40) https://snyk.io/csp

(02:51) Corey's professional background

(03:11) Corey's journey to be cybersecurity author

(04:36) What is API and why its important in 2022?

(06:44) Is API is the backend or frontend pf applications?

(08:36) What are people doing wrong with APIs?

(12:16) Best Practice for API Security?

(13:20) Most surprising things being seen in API Security?

(14:35) How do you find API keys?

(16:07) API gateway as a security control point

(18:25) OWASP Top 10 API Security

(20:00) Monitoring and detecting for API Security

(20:57) How to approach pentesting APIs?

(22:35) Learn about API hacking

(25:22) API Security in the Cloud

(29:05) Rest API vs GraphQL

(34:27) Pentest by consuming application documentation

(36:10) Which APIs should be public?

Senaste avsnitt

API SECURITY BEST PRACTICES 2022

Senaste avsnitt

How BT Tackled 180 Years of Legacy to Build a Passwordless Future

Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI

Guide to Hybrid Cloud & Bare Metal Secret Management

"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control

Prioritizing Cloud Security: How to Decide What to Protect First

Migrating from “Tick Box" Compliance to Automating GRC in a Multi-Cloud World

Using AI Agents to Solve Cloud Vulnerability Overload

Adapting to New Threats, Copilot Risks & The Future of Data (Feat. Matthew Radolec, Varonis)

Securing AI: Threat Modeling & Detection

CYBERSECURITY for AI: The New Threat Landscape & How Do We Secure It?

Cloud Security Evolved: From CNAPP to AI Threats

RSA Conference 2025 Recap: Top Themes, Actionable Insights & Future Trends

Mindset: Modern SOC Strategies for Cloud & Kubernetes (Ft Sergej Epp. Ex-Deutsche Bank)

Scaling Container Security Without Slowing Developers

How Attackers Stay Hidden Inside Your Azure Cloud

How Confluent Migrated Kubernetes Networking Across AWS, Azure & GCP

The New Future of Cloud Security: Vendor Lock-In, Runtime, and SOC Readiness

Detection Engineering with Google Cloud

CNAPPs & CSPMs don’t tell the full cloud security story

Securing AI Applications in the Cloud

Realities of Cloud Networking in AWS

Cloud Incident Response in Microsoft Azure

AWS Multi-Account Security: What Netflix Learned

Cloud Security Detection & Response Strategies That Actually Work

CISO Challenges Across Industries

Why Solving the Data Problem is Key to Cloud Security?

The economics of cybersecurity and trends

The Truth About CNAPP and Kubernetes Security

Cybersecurity Isn’t Crowded: Security Engineering and the 5,000 Vendor Problem

Centralized VPC Endpoints - Why It Works for AWS Networking

What is CADR?

Building Platforms in Regulated Industries

Dynamic Permission Boundaries: A New Approach to Cloud Security

Building a Resilient Cloud Security Program after Merger and Acquisition

Building Data Perimeter in Cloud in 2024

Navigating NIST CSF 2.0: Guide to Frameworks and Governance

Building a SOC Team in 2024 - Automation & AI

Cloud Identity Lifecycle Management Explained!

Traditional PAM vs Cloud CPAM for a cloud first world

The Role of Cloud Security Research in 2024

Edge Security is the Key to Cloud Protection

Is your CI/CD Pipeline your Biggest Security Risk?

State of Cloud Security - Practitioner Edition

BlackHat USA 2024 Highlights and Recap

Building an Incident Response Team for High-Growth Companies

State of Cloud Security 2024 - Leadership Edition

Cloud Native Strategies from a FinTech CISO

Fixing Cloud Security with AWS Lambda

What is confidential computing? Explained for 2024

The Evolution of Infrastructure as Code so far - 2024 Edition

What is AI-SPM?

Creating Effective Sigma Rules with AI

What is the future of security operations with AI in 2024?

Cloud Native Security Strategies for 2024

Real-World Cloud Security Challenges and Solutions Explained for 2024

Why Least Privilege Matters in Cloud Security?

How is Kubernetes Network Security Evolving?

The Future of Software Development with AI

The role of Real Time Defense in Cloud Security

CISO's guide to embracing risk in business

Why Email Breaches Still Happen?

Essential Strategies to master Incident Response in Cloud

From Code Suggestions to Security

Cloud Security Operations for Modern Threats

Understanding Threat Modeling in Cloud

Balancing Efficiency & Security: AI’s Transformation of Legal Data Analysis

Sidecar Container Vulnerability in Kubernetes explained

Role of application security posture management in cybersecurity

Cybersecurity Best Practices and Password Security in Cloud and AI

Multicloud strategy for AWS and GCP

AI's Role in Security Efficiency - Kubernetes Edition

Build an Effective AWS Cloud Security Program in 2024

Offensive Cloud Security Program for 2024

Understand Your Cloud Security Landscape to cut through the noise!

Kubernetes Security Trends 2024 | Software Supply Chain Security, Zero Trust and AI

Kubernetes Network Security for Multi Tenancy

AWS reInvent 2023 - Security highlights and announcements

eBPF - Kubernetes Network Security without the Blind Sides!