How attackers exploiting e-commerce API vulnerabilities

Are you managing an Online e-commerce business security team?
We have selected 3 API security issues that caused data breaches in the e-commerce and online retail industry last 2 years:

Reward credits stealing by SQL injection in REST API

Application-level DoS attack by exploiting logic bomb in a Lucene search engine at black Friday

Massive users’ account takeover attack by exploiting a stored XSS vulnerability

According to Gartner’s research, 83% of all the traffic in the Internet is API calls. E-commerce industry was one of the early adopters of the SPA (single-page-application) and API approach to deliver better buyers experience and deal with the supply chain automation. Unfortunately, because of business urgency and deployment speed, API security often remains overboard.

Our speakers:

Watch the webinar