Noah Labhart
Speaker
Podcast Appearances
That's amazing. I have to say kudos on your pursuit of analog activities. They are so important to have a balanced approach there. You spend most of your day in the digital world. So kudos on that.
No doubt. No doubt. Couldn't agree with that more. Well, let's dive into it then. So let's start uncovering some unknown APIs. Before we even go further, can you explain, you know, as we say that, what do we mean when we say unknown APIs? And, you know, there's obviously some different types there, right? Like some words you use like shadow, rogue, zombie, and undocumented APIs.
That all makes sense. So why do these APIs often go unnoticed? And I'm just curious, why do they often go unnoticed and how do they become a security risk?
So a lot of autonomy for a developer. You put an API out there, you check it four years later, it's still there, right? To your example. So they're lurking in the shadows because they're sort of done and then maybe kind of forgotten. But what makes these APIs such an attractive target for attackers? And maybe even can you share an example of how one of these APIs has been exploited?
That's very well described. You have illustrated, you know, the issue, these APIs, you know, to our title, lurking in the shadows that are unknown, but are just tantalizing to hackers. How can organizations begin to uncover these, you know, hidden APIs, these lurking APIs? And, you know, do you have any tools or strategies that you feel are effective in doing this?
I totally hear what you're saying there. These are great starting points. But if something's lurking in the shadows, it's going to be hard to find them all. And you need a plan of how to respond to that. And maybe that's part of what your answer will be in this next question. But I'm curious, in your experience, you're the guru, right? You know this world. You live this world every day.
What are some of the common mistakes that companies, organizations make to, you know, lead to these unknown APIs being created or overlooked? Like, how do they get there in the first place? And maybe it's a little bit of what, you know, you described in your four years ago example. But I'm curious, what are the common ones?