Think like a hacker: Reducing cyber security risk by improving api design and protection

Author(s):

Gerhard Giese, Senior Manager, Akamai Technologies

Journal:

Cyber Security: A Peer-Reviewed Journal

Click the button below to download the full text of the article.

Abstract: Application programming interface (API) traffic now dominates the Internet. Unlike traditional web forms, APIs are faster and more powerful, but often do not get the correct protection — expanding the security risk for organisations. APIs connect people, places and things to create seamless integrations, richer experiences and new revenue models. This paper deals with when an API is misused, and stipulates how the exposure to an organisation can be significant. The paper discusses why it is no longer safe to assume APIs will be used as intended or remain hidden to prevent unauthorised access or abuse. To stay ahead of the next cyber security exploit, API developers need to start thinking like a hacker. The paper promotes a proactive approach to identifying, designing, managing and protecting APIs which will minimise the attack surface and prevent damaging data breaches.

KEYWORDS: API; attack surface; apps; Internet of Things (IoT); pen testing; hacking; web security

Read this featured article now.

To read this article and receive further updates on Henry Stewart Publications content please register using the form below.

Details

Contact us

Cyber-Security Webinar Archive

Editorial Board

Forthcoming content

Instructions for authors

Multi-user licences

Table of Contents

Volume 8 (2024-25)

Volume 7 (2023-24)

Volume 6 (2022-23)

Volume 5 (2021-22)

Volume 4 (2020-21)

Volume 3 (2019-20)

Volume 2 (2018-19)

Volume 1 (2017-18)

Featured Articles

Tackling cybercrime and ransomware head-on: Disrupting criminal networks and protecting organisations

Marja Laitinen, Digital Crimes Unit Lead and Sarah Armstrong-Smith, Chief Security Advisor, Microsoft EMEA

IT modernisation in the energy sector: Preventing cyberthreats to critical infrastructure

Pamela K. Isom, Deputy Chief Information Officer, United States Department of Energy

Consider the consequences: A powerful approach for reducing ICS cyber risk

Richard Wyman, Professional Control Systems Engineer, Idaho National Laboratory

Publisher:

Simon Beckett

First Published:

June 2017

ISSN (print):

2398-5100

ISSN (web):

2398-5119

Back to Journal

What Our Subscribers Say

Journal:

Journal of Brand Strategy

"Congrats on Journal of Brand Strategy. From the outset I liked the focus on real problems and real solutions. I especially like the case study section, there are so few outlets for this article type and it can be so useful."

David Aaker, Vice-Chairman, Prophet and Professor Emeritus at the University of California, Berkeley's Haas School

Journal:

Management in Healthcare: A Peer-Reviewed Journal

“Given the rapidly changing landscape of our industry and the common thread of organizations 'doing more with less' in a resource-scarce environment, this journal is not just timely, but necessary. A journal of this nature, with topics such as organizational behavior and operational challenges that a healthcare administrator who is resource-stricken can relate to, is an opportune and worthwhile endeavor.”

Rob Osgood, Emergency Management Director, Tufts Medical Center

Journal:

Journal of Payments Strategy & Systems

"Provides relevant insights from industry leaders and experts"

Namita Lal, Global Head, Mobile Money, Standard Chartered Bank

Journal:

Journal of Supply Chain Management, Logistics and Procurement

"Journal of Supply Chain Management, Logistics and Procurement provides a unique locus of information, data, and case studies for the public, private, and academic sectors, while helping lead to a better understanding of the industry and its effects on day-to-day living."

Mr Jonathan Jenkins, Assistant Commissioner, Logistics, NYC Emergency Management Department

Journal:

Corporate Real Estate Journal

"In the age of information overload, it is refreshing to have a publication whose primary purpose is to serve and educate its readership. A publication that is governed by the people in the industry is always the most compelling and the quality of experience leveraged and information gathered is immediately evident. This journal serves as an industry standard for excellence in reporting on the many facets of our profession, as well as showing where it is going."

Erica Chapman, Vice President of Global Real Estate + Workplace Productivity, Akamai

Journal:

Journal of Digital Media Management

"Journal of Digital Media Management is one of the most thoughtful and complete journals on the subject of digital asset management. The articles are written and reviewed by some of the foremost experts in the industry."

Greg Fioravanti, Vice President, Business Affairs, Discovery Communications

Journal:

Journal of Payments Strategy & Systems

"JPSS has articles that make you really think about payments and how they affect commerce and society."

Steve Ledford, ‎SVP Products and Strategy, The Clearing House

Journal:

Journal of Digital Media Management

We use Journal of Digital Media Management to see what's being talked about, what works, what doesn't work, what backs up our strategy or what challenges our strategy. For ITV's Content Management team, the range of practitioners and the very practical scenarios provide a trigger for the development of new ideas.

Dale Grayson, Director of Content Management and Information Policy, ITV

Journal:

Journal of Brand Strategy

"Brand strategy and innovation is a dynamic and growing practice of great variety. There is a huge demand for a consolidating publication that brings together the very best from the field. Journal of Brand Strategy is the most essential read today."

Anders Frostenson, Managing Director, Doberman New York

Contact Information

Henry Stewart Publications LLP

Registered office: Ruskin House, 40/41 Museum Street

London, WC1A 1LT, UK

Tel: +44 (0)20 7092 3465

Email: info@hspublications.co.uk

Registered in England, Incorporation No. OC 317997