The importance of security
In April 2013, hackers hijacked the Associated Press’ Twitter account to post one fake tweet about two bombs exploding at the White House and the President being injured. As a result, the stock market went into a 143-point free-fall before the hoax was exposed and the Dow Jones Industrial Index recovered. The entire episode may have only lasted 3 minutes, but thanks to programmed trading, billions of dollars can be made or lost in milliseconds. Unfortunately, there’s no way to know for sure how much real damage was done during this episode, since the Dow’s recovery didn’t necessarily unwind the losses many incurred when that hoax erased more than $136 billion in market value.
If all it takes is one fake tweet to do that sort of damage, then what are the possibilities for a significantly more damaging incident? One that attacks hundreds or thousands of social media accounts and that takes days or weeks to unravel? Hackers — the bad kind — don’t just love scale. They seek it out. The more widespread the damage, the better.
This leads us to one of the biggest security challenges facing the Internet today: API security.
Why API security is so crucial
At first blush, the two seem hardly related. But the more organizations and developers embrace the transformative power of APIs, the more APIs become the new foundation of the Internet. For example, entire Web sites are getting torn down and reconstructed, decoupling their browser-based user experiences from their back-ends; APIs broker the connection between the two. While such layers of APIs create new opportunities to extend, in very agile fashion, the functionality of back-ends to other user experiences (e.g., mobile apps) and software ecosystems, they also result in new attack vectors for hackers to go after. Even better (for the hackers), these attack vectors scale beautifully because scale is one of the biggest advantages of API-led connectivity.
The AP’s Twitter account was compromised as a result of a successful phishing attempt. The damage was limited to one account. But what if the attack targeted the APIs instead — where scale is simply a natural feature (and benefit) of the technology?
As these layers of APIs begin to collectively form the new foundation of the Internet, it is imperative to understand the lengths to which hackers will go to discover and exploit the weaknesses in their security, as well as that of the surrounding technologies that could provide a back door.
Find out how to make your APIs more secure
In the webinar “The Biggest API Security Fails and How to Fix Them,” I’ll be joined by ProgrammableWeb’s editor in chief, David Berlind, who will recount the underlying details behind some of the Internet’s most recent and notoriously public attacks in a way that will cause you to rethink your API security in a far more holistic fashion than you probably do now.
As he deconstructs these real-world attacks, David will also discuss what measures could have been taken to prevent them, or at the very least, slow the hackers down.
This webinar will provide a comprehensive look at API security. Don’t miss it.