Attackers Want Your Data and They're Getting It From Your API

Discover the methods attackers use to reverse engineer APIs and learn effective strategies to protect valuable data in this 50-minute conference talk from PHP UK Conference. Explore various techniques for intercepting and analyzing API traffic, compare authentication methods like API keys and OAuth2, and delve into essential API hardening practices. Gain insights into TLS encryption, certificate pinning, HMAC request signing, obfuscation, and compilation protection. Leave with a comprehensive understanding of the ongoing challenges in API security, familiarity with tools and techniques employed by attackers, and practical steps to enhance your API's defenses against unauthorized access and data breaches.

Attackers want your data and they're getting it from your API - Tim Bond