Is Your API Being Abused And Would You Even Notice If It Was

Описание: This is a session given by David Stewart at Nordic APIs 2018 Platform Summit on October 24th, in Stockholm, Sweden.

Description:
APIs are a wonderful thing and bring many benefits, but by their very nature they are also a window into how your business operates. If someone can exploit your system for gain, they will.

This presentation will give multiple real examples of API abuse in the wild, via methods such as data scraping, service misuse/cheating, unauthorized aggregation and fake account creation. How is it done, how are existing API controls bypassed, and what are the business implications?
The audience will learn that API abusers are inventive and they use smart tools. The audience will also learn who some of these API abusers are, and may be surprised by the result. (Spoiler: they can be your customers!)

Finally, some guidance will be given around what additional access controls can be put in place to ensure API based businesses continue to prosper.