This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies By closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Michael Isbitski is a Technical Evangelist at Salt Security, helping to improve awareness and technical understanding in the area of API security. Prior to joining Salt Security, he was a Senior Director Analyst at Gartner for Technical Professionals (GTP) within the Security Technology and Infrastructure team. He researched and advised on a range of application security and infrastructure security topics including API security, security testing, secure design, secure SDLC, application protection, container security, Kubernetes security and secure continuous delivery. He has guided hundreds of organizations of all sizes globally in their security initiatives, across sectors and verticals. Additionally, Isbitski has over 20 years of hands-on practitioner and leadership experience in the fields of application security, vulnerability management, risk assessment, enterprise architecture, and systems engineering.
News quickly spread about a vulnerable call recording app for iPhone named “Call Recorder,” or “Acr call recorder,” as its listing in the Apple App Store states. TechCrunch was the first outlet to flag a design flaw with the mobile application’s API when it obtained call recordings from AWS S3 cloud storage to prove it was insecure and therefore open to API-based attacks. The weaknesses exhibited by the mobile app represent a vital shift occurring in cybersecurity towards the importance of the protection and hardening of APIs. From this instance alone, we can learn a number of valuable lessons as API attacks are set to rise drastically this year. Most of the issues in the Call Recorder vulnerability map directly to the OWASP API Security Top 10, a list that captures the most common API mistakes. This document is a great reference for DevOps and security teams that are looking to implement strong API security that can be applied to both web and mobile application systems, including those in the cloud.
