
Jayesh Ahire

👤 Person
201 total appearances

Podcast Appearances

Code Story: Insights from Startup Tech Leaders
The Haunted House of APIs - The Witch’s Brew with Jayesh Ahire

Yeah, I'm Jayesh. I run product management here at Traceable. Been here for almost five years now, playing in the API security world. Before this, I was running my own venture in machine learning, cloud ops, DevOps. I read a lot. For the last few years, I have been doing 100 books a year. It's been interesting going through the list and reading around a lot of different things.

That's one part. The other thing is I also write poems, in my mother tongue or in English depending on the mood. I've also published a few books around it, and some technical ones I like to write as well. I used to play guitar and piano, but yeah, reading and writing poetry, that's my jam these days.

That gives a picture of a well-rounded individual, and I appreciate you sharing all that. Let's dive into it then. So we're talking about OWASP vulnerabilities and API testing. Diving into the witch's brew, we're calling it. What are some of the most common vulnerabilities in APIs that align with the OWASP top 10? And tell me why they're so dangerous.

When we talk about APIs, right? One of the things which is prominent these days is every single thing we are building, like every single product, every single software, every single app is running on APIs. And that's where we talk about vulnerabilities. The impact also increases because everything is an API at the end of the day.

And that's why I categorize these vulnerabilities, or even dangers, into three broad categories. One is access control. We are building these APIs, but sometimes you've just left the door open. And that door can be exploited by attackers to get the information. In access control, there are vulnerabilities like BOLAs.

Nowadays, in the new OWASP API top 10, we have BOPLA, which is Broken Object Properties Authorization. Then there's always BAFLA, which is Broken Function Level Authorization. Not to just throw some terms around, but essentially, when the API was built, the authentication and authorization were not configured properly. And that's where somebody can get access to somebody else's information.

Which is, again, problematic when we are literally dealing with banks, dealing with health care, where all of the information is pretty sensitive and pretty critical. But the access control part is the most prominent one and the most exploited one we have seen in the last few years, at the very least. It's first in OWASP API doctrine. The second part of that is data privacy.

That's where excessive data exposure comes into the picture, where we are actually showing the information in plain text, or in responses, or in places in the UI where it shouldn't be. We have seen a bunch of news articles coming around this part where the social security numbers of thousands of people leaked, or millions of people leaked, at bad points.