Category: 3-SometimeTechTalk

The Haunted House of API's

Today, we are releasing another episode for Cybersecurity Awareness month, in our series entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

The Dark Corners of APIs: Uncovering Unknown APIs Lurking in the Shadows

Our episode today is titled The Dark Corners of APIs: Uncovering Unknown API’s lurking in the shadows, where we speak with Katie Paxton-Fear. APIs are the gateway to your digital infrastructure, but hidden deep in the recesses of your system are unknown APIs – shadow, rogue, zombie, and undocumented API’s. Each of these present a unique threat to your organization and can be exploited by hackers. Katie is an API hacker and researcher, and today, she will take us on a journey through the API graveyards, where hidden APIs lurk, waiting to be exploited – sharing real life examples of how these API’s have been attacked, and best practices for ensuring they don’t become your companies next security nightmare.

Discussion questions:

1. Can you explain what we mean by "unknown APIs" and the different types, like shadow, rogue, zombie, and undocumented?
2. Why do these APIs often go unnoticed, and how do they become security risks?
3. What makes these APIs such an attractive target for attackers, and can you share an example of how one has been exploited?
4. How can organizations begin to uncover these hidden APIs, and what tools or strategies are effective in doing so?
5. In your experience, what are some common mistakes organizations make that lead to these unknown APIs being created or overlooked?

Sponsors

• Traceable

Links

• https://www.traceable.ai/
• https://www.linkedin.com/in/katiepf/
• https://insiderphd.dev/
• Katie's YouTube Channel

Our Sponsors:
* Check out Vanta: https://vanta.com/CODESTORY


Support this podcast at — https://redcircle.com/code-story/donations

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy

Dan Ives is the managing director, equity research at Wedbush Securities. Stephanie Link is the chief investment strategist and portfolio manager at Hightower Advisors. The two all-star stock watchers join Big Technology Podcast to discuss the fascinating state of big tech stocks, particularly Apple's surprising resilience. Tune in to hear why Apple's stock is up 42% since April despite mixed headlines about Vision Pro and AI, and whether its $3.5 trillion valuation is justified. We also cover Nvidia's dominance in AI chips, how a potential Trump presidency could impact tech stocks, and Amazon's cultural challenges. Hit play for an insightful discussion about where the biggest names in tech are headed and how to think about investing in them.

---

Enjoying Big Technology Podcast? Please rate us five stars ⭐⭐⭐⭐⭐ in your podcast app of choice.

For weekly updates on the show, sign up for the pod newsletter on LinkedIn: https://www.linkedin.com/newsletters/6901970121829801984/

Questions? Feedback? Write to: bigtechnologypodcast@gmail.com

The Haunted House of API's

The Witch’s Brew: Stirring Up OWASP Vulnerabilities and API Testing

Today, we are kicking off an amazing series for Cybersecurity Awareness month, entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

In today’s episode, we will be talking with Jayesh Ahire, an expert in API testing and OWASP, will guide us through the "brew" of common vulnerabilities that haunt API ecosystems, focusing on the OWASP Top 10 for APIs. He’ll share how organizations can use API security testing to spot and neutralize these vulnerabilities before they become major exploits. By emphasizing proactive security measures, Jayesh will offer insights into creating a strong API testing framework that keeps malicious actors at bay.

Discussion questions:

1. What are some of the most common vulnerabilities in APIs that align with the OWASP Top 10, and why are they so dangerous?
2. Why is API security testing crucial for detecting these vulnerabilities early, and how does it differ from traditional security testing?
3. Can you share an example of how an overlooked API vulnerability led to a significant security breach?
4. How can organizations create an effective API testing framework that addresses these vulnerabilities?
5. What tools or methods do you recommend for continuously testing APIs and ensuring they remain secure as they evolve?

Sponsors

• Traceable

Links

• https://www.traceable.ai/
• https://www.linkedin.com/in/jayesh-ahire/
• https://owasp.org/

Our Sponsors:
* Check out Vanta: https://vanta.com/CODESTORY


Support this podcast at — https://redcircle.com/code-story/donations

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy

Tariq Shaukat, the former president of Google Cloud and Bumble, is the CEO of Sonar. Follow him on LinkedIn.

Sonar offers code quality and security solutions that help developers write clean code and remediate existing code organically. Their product SonarQube helps devs ensure the quality and security of AI-generated code.

Watch Olivier Gaudin, founder of Sonar, explain why clean code is the foundation for well-functioning dev teams.

Stack Overflow user Ogglas earned a Populist badge by explaining How to access the appsettings in Blazor WebAssembly.

Topics covered in this episode:

• Open Source Pledge
• Jeff Triplet's DjangoTV
• PEP 735 – Dependency Groups in pyproject.toml
• livereload
• Extras
• Joke

See the full show notes for this episode on the website at pythonbytes.fm/406

Ranjan Roy from Margins is back for our weekly discussion of the latest tech news. Cory Weinberg from The Information joins us for the first half! We cover 1) Open AI and Microsoft’s relationship starting to fray 2) Microsoft rebuffing OpenAI's fundraising efforts 3) Mustafa Suleyman's impact on the Microsoft - OpenAI dynamic 4) Why OpenAI sought Apple and NVIDIA's investment 5) Softbank from the top rope 6) When might OpenAI declare it's reached AGI? 7) Microsoft and OpenAI sort out ownership stakes in a new for-profit entity 8) Apple's new smart home strategy 9) Netflix's earnings and engagement questions 10) Meta fires employees for using meal money on toothpaste 11) Silicon Valley and FIRE

---

Enjoying Big Technology Podcast? Please rate us five stars ⭐⭐⭐⭐⭐ in your podcast app of choice.

For weekly updates on the show, sign up for the pod newsletter on LinkedIn: https://www.linkedin.com/newsletters/6901970121829801984/

Want a discount for Big Technology on Substack? Here’s 40% off for the first year: https://tinyurl.com/bigtechnology

Questions? Feedback? Write to: bigtechnologypodcast@gmail.com

Solo.io provides API gateway, service mesh, and internal developer portal solutions. 

Follow Solo.io on X or LinkedIn or dig into the docs.

Want to brush up on RAG? Our Guide to AI walks you through the concept and includes a practical example. Or check out one expert’s practical tips for RAG on our blog.

Connect with Keith on LinkedIn.

Shoutout to Stack Overflow user MrSimpleMind: their helpful answer to the question – How to run jq from gitbash in windows? – has been viewed by more than 213,000 people and won a Populist badge.

In October 2022, Safaricom launched its telecommunications services in Ethiopia, marking a major milestone as the first private operator to enter the Ethiopian telecom market. This move broke the long-standing monopoly of state-owned Ethio Telecom and was seen by many as a significant step towards liberalising the country’s telecom sector. The company had officially been licensed in July 2021, with a record $850 million licensing fee—the largest foreign direct investment in Ethiopia at the time. Safaricom committed to investing around $8 billion over the next decade to build its infrastructure and services, aiming to enhance competition and improve connectivity for millions of Ethiopians. However, Safaricom’s launch did not come without challenges. The rollout faced delays due to socioeconomic and security issues within the country. Initially planned for an earlier start, the company adopted a phased approach, beginning with services in Dire Dawa and targeting expansion to 25 cities by April 2023. That move reportedly saw significant infrastructure investments being made, including the construction of mobile towers and a national transmission network, alongside the importation of over $300 million worth of equipment. Episode overview: Fast forward to October 2024, in this episode of the African Tech Roundup Podcast, Yahya Banafa gives Andile Masuku a behind-the-scenes peek at the challenges and opportunities Safaricom is facing as it continues to establish itself in Ethiopia. He offers a practical perspective on building and deploying modern telecom infrastructure from scratch in a market that’s evolving rapidly. Key topics: • Planning and engineering a mobile network in a new market • Tackling Ethiopia’s unique terrain and altitude challenges • Balancing regulatory hurdles with business goals • Managing unexpected surges in data demand • Forming strategic partnerships within the telecom sector • Exploring the future potential of mobile money services • Optimising network coverage across diverse landscapes • Introducing 5G technology to meet growing demand • Meeting the digital needs of Ethiopia’s younger generation • Addressing competition from new market entrants like Starlink Notable points: Banafa delves into the complex process of network planning, touching on the importance of meeting both regulatory standards and service quality benchmarks. He explains how Safaricom has adjusted its approach to handle Ethiopia’s high-altitude regions and varied geography. The conversation reveals that higher-than-expected demand for data services has pushed Safaricom to accelerate its 5G rollout. There’s also a discussion about the potential of mobile money services in Ethiopia, with insights drawn from the success of M-Pesa in Kenya. Banafa stresses the importance of collaboration across the telecom sector to enhance the customer experience. Listen in for valuable insights into the strategic decisions behind Safaricom’s efforts to establish a cutting-edge telecom network in Ethiopia. It sheds light on how technology, regulations, and market dynamics intersect to shape the country’s digital future. Editorial Note: This interview was recorded at the fringes of NOVACOM Africa 1-to-1 Telco Summit 2024 in Franschhoek, South Africa, where Andile Masuku attended as an independent media guest. African Tech Roundup maintains complete editorial oversight and is not affiliated with the event organisers. Image credit: Gift Habeshaw