Alissa Knight talks API security, formjacking and hacking | Cyber Work Podcast

Alissa Knight, Senior Analyst at Aite Group, discusses API security, the Magecart hacking group, recent breaches, formjacking skimmers and her upcoming book.

In the podcast, Knight and host Chris Sienko discuss:

– What’s been happening since you’ve been on the podcast last? (3:10)
– You’ve been on an international tour, sharing vulnerabilities you’ve discovered on 30 financial institution mobile apps; how that going? (5:38)
– You’ve discovered during this tour that people were more interested in API security? (8:22)
– Let’s talk about API security; give us an elevator pitch on what API security is and some of the most common API vulnerabilities. (10:45)
– Is API security a new enough issue where it’s okay for organizations to be “off-the-hook” for not knowing how to defend against these vulnerabilities? Or should they know better? (14:08)
– What are your recommendations for securing APIs? (15:35)
– What do you see as the friction point for these organizations not utilizing API security? (17:14)
– Tell us a little bit about the report you did detailing Magecart groups? (18:14)
– Is there a way for users can tell if a site they are on is formjacked, or is it an issue that’s so deeply embedded, that it can only be tackled at the structural level? (21:16)
– What is the expectation of us as online consumers to be aware of these types of hacks? Are there any tips on seeing is a form is jacked? Are we going to have to spend extra time every time we buy online to be aware of potential vulnerabilities? (22:37)
– Let’s get into these Magecart hacking groups. How long have they been around and apart from formjacking, what (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Hunter Reed. Read the original post at:

Secure Coding Practices