Exposed | More: Attacking the Extended Web

ShmooCon VI - 2010

Presented by: Russ McRee
Date: Sunday February 07, 2010
Time: 10:00 - 11:00
Location: Front Room
Track: Break It!

We all know the Internet is a series of tubes connecting many systems via networks. This architecture has been in place since the early days of the web. The landscape has changed quite a bit over the past few years, with applications themselves becoming interconnected. Interconnecting applications can result in extended trust boundaries and new vectors for attackers to exploit. APIs are becoming more and more popular as web sites strive for dynamic, user-generated content. API developers have not always put much thought into how their API can be abused and the resulting effect it has on their application -- after all, APIs are all about access. These APIs are often abused to anonymize attack sources, enumerate services, and gain access to sensitive information. This presentation covers attack scenarios and historical examples of vulnerabilities in APIs that will prove useful to security testers and developers alike.

Nathan Hamiel

Nathan Hamiel is a Principal Consultant for FishNet Security and an Associate Professor at the University of Advancing Technology. He is also the founder of the Hexagon Security Group. Nathan spends most of his time in the areas of application and enterprise security. He has spoken previously at events such as Black Hat, DefCon, ShmooCon, ToorCon, and many others.

