Alissa Knight talks API security, formjacking and hacking | Cyber Work Podcast

Alissa Knight, Senior Analyst at Aite Group, discusses API security, the Magecart hacking group, recent breaches, formjacking skimmers and her upcoming book.

Cybersecurity Live - Boston

In the podcast, Knight and host Chris Sienko discuss:

– What’s been happening since you’ve been on the podcast last? (3:10)
– You’ve been on an international tour, sharing vulnerabilities you’ve discovered on 30 financial institution mobile apps; how that going? (5:38)
– You’ve discovered during this tour that people were more interested in API security? (8:22)
– Let’s talk about API security; give us an elevator pitch on what API security is and some of the most common API vulnerabilities. (10:45)
– Is API security a new enough issue where it’s okay for organizations to be “off-the-hook” for not knowing how to defend against these vulnerabilities? Or should they know better? (14:08)
– What are your recommendations for securing APIs? (15:35)
– What do you see as the friction point for these organizations not utilizing API security? (17:14)
– Tell us a little bit about the report you did detailing Magecart groups? (18:14)
– Is there a way for users can tell if a site they are on is formjacked, or is it an issue that’s so deeply embedded, that it can only be tackled at the structural level? (21:16)
– What is the expectation of us as online consumers to be aware of these types of hacks? Are there any tips on seeing is a form is jacked? Are we going to have to spend extra time every time we buy online to be aware of potential vulnerabilities? (22:37)
– Let’s get into these Magecart hacking groups. How long have they been around and apart from formjacking, what (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Hunter Reed. Read the original post at: