API SECURITY BEST PRACTICES 2022

Cloud Security Podcast - A podcast by Cloud Security Podcast Team


In this episode of the Virtual Coffee with Ashish edition, we spoke with Corey Ball (Corey's Twitter) about what an API in a modern software stack looks like and how APIs can be attacked and protected.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Corey Ball (Corey's Twitter)
Podcast Twitter: @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels:
- Cloud Security News
- Cloud Security Academy

Spotify TimeStamp for Interview Questions
(00:00) Ashish's Intro to the Episode
(02:40) https://snyk.io/csp
(02:51) Corey's professional background
(03:11) Corey's journey to be cybersecurity author
(04:36) What is API and why it's important in 2022?
(06:44) Is API the backend or frontend of applications?
(08:36) What are people doing wrong with APIs?
(12:16) Best Practice for API Security?
(13:20) Most surprising things being seen in API Security?
(14:35) How do you find API keys?
(16:07) API gateway as a security control point
(18:25) OWASP Top 10 API Security
(20:00) Monitoring and detecting for API Security
(20:57) How to approach pentesting APIs?
(22:35) Learn about API hacking
(25:22) API Security in the Cloud
(29:05) Rest API vs GraphQL
(34:27) Pentest by consuming application documentation
(36:10) Which APIs should be public?
