Chief Product Officer
When APIs are IoT's Weakest Link: Security Horror Stories
IoT systems can affect our physical safety and thus have to be secure by design. However, modern-day IoT systems include a lot more than the devices and physical equipment themselves. They increasingly are made of devices, cloud services, mobile and web applications, and APIs putting them all together. These intercomponent API calls typically happen on public networks.
By definition, APIs are available for discovery, remote calls, and scripted mass invocations by rogue actors. This makes proper API security design, validation, testing, and enforcement critical.
In this session we’ll discuss:
- The treat unsecured APIs bring to IoT
- Real-world API breaches including GPS watches, e-scooters, smart buildings, and cars
- Ways to mitigate risk with modern API security design best practices