Alissa Knight talks API security, formjacking and hacking | Cyber Work Podcast
https://www.ispeech.org/text.to.speech
Alissa Knight, Senior Analyst at Aite Group, discusses API security, the Magecart hacking group, recent breaches, formjacking skimmers and her upcoming book.
In the podcast, Knight and host Chris Sienko discuss:
– What's been happening since you've been on the podcast last? (3:10)
– You've been on an international tour, sharing vulnerabilities you've discovered on 30 financial institution mobile apps; how that going? (5:38)
– You've discovered during this tour that people were more interested in API security? (8:22)
– Let's talk about API security; give us an elevator pitch on what API security is and some of the most common API vulnerabilities. (10:45)
– Is API security a new enough issue where it's okay for organizations to be "off-the-hook" for not knowing how to defend against these vulnerabilities? Or should they know better? (14:08)
– What are your recommendations for securing APIs? (15:35)
– What do you see as the friction point for these organizations not utilizing API security? (17:14)
– Tell us a little bit about the report you did detailing Magecart groups? (18:14)
– Is there a way for users can tell if a site they are on is formjacked, or is it an issue that's so deeply embedded, that it can only be tackled at the structural level? (21:16)
– What is the expectation of us as online consumers to be aware of these types of hacks? Are there any tips on seeing is a form is jacked? Are we going to have to spend extra time every time we buy online to be aware of potential vulnerabilities? (22:37)
– Let's get into these Magecart hacking groups. How long have they been around and apart from formjacking, what attacks are they known for? (26:08)
– Is the formjacking protection an issue an easy-fix? What is preventing organizations from protecting their sites? (28:51)
– What is a way to tell if a site has been compromised by formjackers? (30:03)
– If you are working for one of these retail sites, and you suspect the security team are not protecting against formjacking, is this something you can bring to leadership? (31:36)
– Tell us about your upcoming book. (32:12)
– Let's jump back to your book on hacking connected cars. What can readers expect? (33:55)
– Any predictions on what vulnerabilities, API or other, are going to be the most dangerous or prevalent in 2020 and beyond? (37:04)
– Last time, we discussed the need for women in cybersecurity. You've been using #KnightWriter on social media; are you building and growing a coalition of women in cybersecurity? (39:14)
– Can you tell me a little bit more about these "100 Women in 100 Days Cybersecurity Certifications for Women" workshops? (42:26)
– Where can we find you on social media and tell us a little bit about your podcasts? (44:00)
View the full transcript: https://www.infosecinstitute.com/podcast/alissa-knight-talks-api-security-formjacking-and-hacking/
Want to hear more conversations like these? Subscribe to the Cyber Work Podcast:
– Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-work/id1419689068
– Google Podcasts: https://podcasts.google.com/?feed=aHR0cHM6Ly9yZXNvdXJjZXMuaW5mb3NlY2luc3RpdHV0ZS5jb20vZmVlZC9wb2RjYXN0Lw
– Subscribe on Android: https://subscribeonandroid.com/resources.infosecinstitute.com/feed/podcast/
– Spotify: https://open.spotify.com/show/4cLhlbHkSgyk01bZyL3gWA
About Infosec
At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.
Learn more at infosecinstitute.com.
source
0 Responses to Alissa Knight talks API security, formjacking and hacking | Cyber Work Podcast