Season 2 Episode 10

API security decoded with Corey Ball

Headshot of Corey Ball, API security leader and expert
Corey Ball

Application programming interfaces (APIs) are taking over the internet. APIs now make up 83% of internet traffic because they help applications communicate with each other via API calls. And they’re a critical threat vector for companies. Corey Ball, author of “Hacking APIs,” saw the API takeover happening and realized there was a gap in security training and tactics.

He founded APIsec University, which offers online courses to help level up the infosec community’s API security testing skills. APIs are essentially direct links to a company’s database, a valuable target for a malicious actor, and their flaws can be difficult to detect without proper documentation and thorough analysis.

Security teams are just beginning to understand how to tackling API security and Corey outlines how they can get started and which executives, including the board of directors, need to be aware of their API attack surface.

Listen to learn more about:

  • His favorite API vulnerability
  • Why generic security scanners can’t detect API security flaws
  • The future of API security