The biggest mistake I see in API security will probably surprise you... Whether in offensive security or defending APIs, most teams make one fundamental mistake that leaves their APIs vulnerable: they forget that APIs are web applications.
#apisecurity #apihacking #apis
Everyone gets so caught up in what makes them different and special that they forget about what makes them the same! Everyone is so busy thinking about APIs and API security in isolation that they completely forget that APIs are just web apps that return JSON rather than a pretty UI.
And yes, they are special in lots of ways, and there are different considerations for APIs than for other applications because of how they're used, but that doesn't mean we throw out all the lessons from traditional web security just because we see a JWT in a request.