Time: 1 hour 43 minutes
Difficulty: Beginner
CEU/CPE: 2

Video Transcription

00:01
Hey everyone, welcome back to the course. So in this video, we're gonna talk about improper assets management,
00:07
so we'll talk about what it is, as well as ways that we can prevent against it.
00:12
So what is improper assets management? What does it actually mean? So,
00:17
this is where an attacker finds non-production versions of the API. So this could be APIs in the staging area or in testing, even beta versions, even earlier versions. And normally these aren't going to be as well protected. And then what the attacker does is uses those to actually launch the attack
00:35
and then move laterally to other APIs.
00:39
So how do we prevent against this? Well, we could do things like taking an improved inventory of all of our API hosts and knowing what we actually have out there,
00:47
limiting access from the public, right, limiting that public access to the APIs,
00:53
using API firewalls is another way, limiting the access to production data. We can also segregate access to various APIs, and then also implementing strict authentication.
01:03
Now, an example of this type of attack being used: if you recall the JustDial breach from 2019, where about 100 million users in India were affected and had their information taken.
01:17
So in this video, we talked about what improper assets management is, and we also talked about some ways that we can mitigate or prevent against that. So again, doing things like taking the inventory of all of our API hosts, limiting the public access to the APIs, limiting the access to production data, as well as
01:34
making sure that we segment out that access,
01:37
and then using API firewalls.

Instructed By

Ken Underhill
Master Instructor at Cybrary