Jayesh Ahire
Podcast Appearances
And that's where the third category I mentioned, inventory management, comes into the picture, where somebody actually exploited an older version of the API, which was still accessible even after it was supposed to have been retired a long time back. There's also a telecom provider in the US which had a very similar incident.
And that was more around the web interfaces that were in play. And the older APIs, again, which had weak authentication in place, were still publicly accessible, publicly available. Then Facebook went through something pretty similar back in 2018, where access tokens for 50 million user accounts were leaked purely because of a flaw in the business logic workflow,
and the authentication they had on those APIs was weak. Somebody found the vulnerability, exploited it, and that resulted in the leak of access tokens for 50 million user accounts. When we talk about all of these things, you'll see that most of the issues, or most of the exploits, happen because of very small issues.
When you look at these things afterwards, you feel like this was a silly mistake. But those small mistakes can result in a huge impact, like reputational impact, monitoring on organizations. Some of these things could have been easily avoided by having the right set of standards in place, having the right set of security testing in place.
But as the processes go, we always learn our lessons when we get impacted, and then we start putting the right things in place.
That's millions and millions of users. It's easy to see how important this testing is and how important it is to catch these vulnerabilities ahead of time. Now, I'm curious, from your perspective, how can organizations create an effective API testing framework that addresses these types of vulnerabilities?
One of the things which is very prominent and very important when it comes to this is having everything be part of your development lifecycle. So if testing is part of your development lifecycle, it saves a lot of pain, it saves a lot of money because...