News
Conversation with Microsoft’s Avinash Jain: Common API vulnerabilities
This blog is about Akto's first episode of the API Security podcast. Avinash Jain, who works in security at Microsoft, shares his knowledge of common API security vulnerabilities with Akto.




Raaga Srinivas
Aug 30, 2023
5 mins
In this inaugural episode of "API Security: The Good, The Bad, The Ugly", Harsh Bothra, a distinguished Senior Consultant, takes the helm as he sits down with Avinash Jain, better known by his pseudonym 'logicbomb'.
Avinash, an esteemed information security researcher currently working at Microsoft, has an impressive track record. His skill in pinpointing vulnerabilities has earned recognition from giants like Google, Yahoo, NASA, and more. If you have ever come across detailed security write-ups on blogs or in articles featured by top-tier media outlets such as Forbes, BBC, and TechCrunch, there is a good chance you have encountered Avinash's insights.
Check out the episode below.
Key takeaways from our conversation
Avinash’s journey in cybersecurity, from starting as a software developer to building and leading teams at companies like Cred, Blinkit, and Microsoft.
Learnings from bug bounty programs and their influence on his understanding of the security domain.
Building teams: the ‘security training’ market gap for fresher engineers with a keen interest in security.
Biases in security, seen as a product manager at Microsoft. Understanding the consumer base to strike the balance between usability and implementing security.
How to approach bug bounty programs within the larger context of security engineering, and what steps to take to avoid burnout and get the full picture on security.
Differences between the experience gained through bug bounty programs and through a corporate career.
Insights into Common API Vulnerabilities
The top API vulnerability that keeps recurring across businesses, and why it happens: improper access control (IDORs).
A comparison of the vulnerability landscape from two years ago to the present day. Challenges in moving to cloud infrastructure, including susceptibility to trending vulnerabilities such as SSRF.
Common API vulnerabilities that people miss and the steps they should take to catch them, with a specific focus on vulnerabilities in old API versions that were never deprecated.
Unconventional findings when securing APIs, and the importance of a CI/CD model when building the DevSecOps cycle.
Major problems when handling APIs, and how security tools like Akto can bring the security mindset and best practices to the teams responsible for them.
The ‘signal to noise ratio’ and how to gauge the quality of your security tool.
Avinash’s advice to security teams in startups and large organizations for grappling with industry challenges, with examples from incidents he has come across.
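Two of the points above, the recurring IDOR (improper access control) class and old API versions left routable, share one root: the object lookup is authenticated but not authorized, and a fix applied only in a newer version does nothing while the older handler still answers. The Python below is an added example written for this post, not code from the podcast, from Avinash, or from Akto. The Invoice model, the in-memory INVOICES table, the version router, the access-log format and the log lines are all constructed for illustration.

```python
# Added example (not from the podcast or from Akto): an object-level
# authorization (IDOR) bug, its hardened form, why an undeprecated old API
# version undoes the fix, and a log check that surfaces the flaw from the
# defender's side.
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    101: Invoice(101, owner_id=1, amount=50.0),
    102: Invoice(102, owner_id=2, amount=75.0),
}


class NotFound(Exception):
    pass


class Gone(Exception):
    pass


def get_invoice_v1(caller_id: int, invoice_id: int) -> Invoice:
    """Vulnerable pattern: the caller is authenticated, but the handler never
    checks that the caller owns the object, so any valid session can read
    any invoice simply by supplying its id."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    return inv


def get_invoice_v2(caller_id: int, invoice_id: int) -> Invoice:
    """Hardened pattern: object-level authorization on every lookup. Missing
    and foreign objects get the same response, so ids cannot be probed for
    existence through the error message."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != caller_id:
        raise NotFound(invoice_id)
    return inv


# Version routing. Shipping v2 fixes nothing while v1 remains reachable; the
# fix is complete only when the old version is retired at the router.
HANDLERS = {"v1": get_invoice_v1, "v2": get_invoice_v2}
RETIRED_VERSIONS = {"v1"}


def dispatch(version: str, caller_id: int, invoice_id: int) -> Invoice:
    """Route a request to its versioned handler, refusing retired versions."""
    if version in RETIRED_VERSIONS:
        raise Gone(version)  # would be HTTP 410 in a real service
    return HANDLERS[version](caller_id, invoice_id)


# Detection side: from access logs, flag callers who successfully read
# invoices they do not own. The log format and lines are constructed.
LOG_RE = re.compile(r"caller=(\d+) path=/(v\d)/invoices/(\d+) status=(\d+)")

SAMPLE_LOG = """\
caller=1 path=/v1/invoices/101 status=200
caller=1 path=/v1/invoices/102 status=200
caller=2 path=/v2/invoices/102 status=200
caller=2 path=/v2/invoices/101 status=404
"""


def flag_cross_tenant_reads(log_text: str) -> dict:
    """Return {caller_id: [invoice_id, ...]} for 200 responses on invoices the
    caller does not own. Any non-empty result is a finding to triage."""
    hits = defaultdict(list)
    for m in LOG_RE.finditer(log_text):
        caller, _version, inv_id, status = m.groups()
        if status != "200":
            continue
        inv = INVOICES.get(int(inv_id))
        if inv is not None and inv.owner_id != int(caller):
            hits[int(caller)].append(int(inv_id))
    return dict(hits)


if __name__ == "__main__":
    print(get_invoice_v1(1, 102))              # v1 leaks user 2's invoice
    print(dispatch("v2", 1, 101))              # own invoice: allowed
    print(flag_cross_tenant_reads(SAMPLE_LOG))  # {1: [102]}
```

The ownership check lives in the handler rather than in a middleware keyed on the URL, because the object id is the thing being authorized; and the retired-version check sits in the router so that no handler, however old, can be reached by changing the version prefix. The log check is the cheapest way to confirm whether the v1 gap was ever exercised before the version was retired.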
To close, Avinash’s favorite quote:
“Security is not a one night job, it is like a building rope; step by step, stone by stone.”
Stay tuned for more episodes on all things API Security! Follow the podcast on Apple, the Akto website, or Simplecast.