REST APIs are everywhere and they’re insecure.

[00:03:13] So from a penetration testing perspective, how do you approach that? Do you just go after the API, or is it part of your overall scope to look at the security of the REST API? How do you approach it?

Mateusz Olejarka [00:03:28] I think we should talk about this in two different ways, because there is a difference between a public-facing REST API which is available for everyone on the internet and an internal application where we have access to source code and we can test things like authentication bypasses, injection vulnerabilities, SQLi or whatever. So I will try to explain both cases separately.
