Jayesh Ahire
Let's say, talking about something around payment gateways. So if you're sending the sensitive information about your user to the payment gateway, and that's excessive data exposure, that can only be caused at the APLF, and DAST tools picking up on it or SAST tools picking it up is pretty hard by definition.
Then another part is everything is evolving with all the things in place now with LLMs, with ChatGPT, with even traditionally the cloud native development practices. Your applications are evolving so quickly that for traditional security testing tools to keep up with the whole pace is pretty hard; learning the context is pretty hard. So that's where the contextual security testing on APIs comes into the picture, and that's where I feel the API security testing becomes a better alternative to traditional tools when it comes to dealing with the complexity which APIs bring into the whole conversation, and at the same time the continuous evolution we are seeing around the development cycles.
Certainly. OK, that clarifies that for me. And, you know, how important, right, the testing portion of it is. And I imagine that, you know, when you don't get the testing right, finding a vulnerability after the fact can lead to a significant problem. Can you share an example of how maybe one of these overlooked vulnerabilities led to a significant security breach?
Without naming the companies, I was in Australia back in 2022 and met CISOs of one of the major telecoms there. One thing: they had gone through a breach pretty recently at that time, and the breach was mainly leaking sensitive information, including passport details, phone numbers, addresses, and a bunch of other things for millions of their users.
When we went through how it happened, the reason was they had one of these APIs which was publicly available. But that API was supposed to be retired way back. So they developed a newer version which had better security gates in place, which had better standards in place, which had rate limiting in place. They released it. It was still, again, accessible to everybody.
But at the same time, the older version, which they were supposed to retire, they didn't. And an attacker exploited exactly that old version to get all of the information for millions of their users. That was painful to watch.
And that's where the third category which I mentioned, which is inventory management, comes into the picture, where somebody actually exploited an older API, an older version of the API, which was accessible even after it was supposed to be retired a long time back. There's also a telecom provider in the US that had a very similar incident.