Outpost 24: Account Takeover in Azure's API Management Developer Portal
API Management is a critical component of modern application development. As organizations increasingly rely on APIs to exchange data between systems, they must also consider the potential security risks that come with API usage.
In this 30 minute webinar, Outpost24’s Thomas Stacey will walk you through a vulnerability he recently discovered in Azure's API Management Developer Portal that can be exploited to perform an account takeover attack. Thomas will be exploring the various steps involved in identifying the vulnerability, disclosure and eventual release of the fix.
The following topics will be covered, followed by a Q&A session:
• Overview of Azure's APIM Service
• Identifying the vulnerability in Azure's API Management Developer Portal
• The Road to a Bug Bounty
• Conclusion and Application Security Best practice
This webinar is ideal for developers, security professionals, and anyone interested in learning more about vulnerability discovery and understanding why manual testing is essential for application security.