October 2025 Breaches Workshop скачать в хорошем качестве

October 2025 Breaches Workshop

Lions, tigers, and breaches—oh my! Kick off Cybersecurity Awareness Month with spooky real-world API breach stories pulled straight from today’s headlines. In this special session, Dan and Christine dig into how attackers are exploiting APIs at an alarming pace (sometimes daily), and what defenders can do about it. What’s inside this session: • FlowWise AI – a password reset gone horribly wrong (CVSS 9.8) • Microsoft Entra ID (Azure AD) – actor tokens used to jump tenants & bypass MFA • OneLogin – when access tokens start leaking secrets they shouldn’t • SwissBorg & Kiln – $41M crypto heist from unsafe 3rd-party API consumption • Milesight routers – unsecured endpoints turned into SMS spam cannons • Pudu Robots – from sushi delivery bots to hospital cleaners… hacked remotely and controlled with exposed APIs 🎬 Plus: a live demo of Bolt, our new Chrome extension that auto-discovers APIs while you browse. We show how to capture endpoints, export Swagger, and instantly test them with AppSec GPT. 🎃 And don’t miss the launch of OWASP October—a rapid-fire mini-series running every Tuesday & Thursday all month (and spilling into November). Each session starts with a spooky breach story, then jumps into a hands-on lab tied to one of the OWASP API Top 10 (Freddy Krueger stars as the BOLA villain). If you’re seeing API attacks dominate the news and want to connect them to the OWASP Top 10, and learn how to test & defend your own APIs, this replay is for you.