ToorCon TwentyOne speaker: Tony Lauro
Tony is currently Director of Security Strategy for Akamai Technologies. He's been involved with Information Security since the late 90's when he worked for a large US based telecom provider. Since then Tony has worked with Akamai’s top global clients to provide cyber security guidance, architectural analysis, web application and network security expertise. With over 20 years of Information Security operations experience Tony has worked and consulted in many verticals including finance, automotive, medical/healthcare, enterprise, and mobile applications. He is currently responsible for Akamai’s North / Central / South American clients as well the training of an internal group whose focus is on Web Application Security / and adversarial resiliency disciplines. Tony’s previous responsibilities include consulting with public sector/government clients at Akamai, managing security operations and pen testing for a mobile payments company, and overseeing security and compliance responsibilities for a global financial software services organization. Tony enjoys skateboarding, competitive grappling, Brazillian Jiu Jitsu, and spending time with his wife and kids in Dallas, TX.
API's are not just the 21st century developers mullet, they're also how you are getting PWND
A look at all the ways API's are used in the attack process, from ATO (account takeover) and credential abuse automation, to BOT operations for inventory sniping and checkout procedures. This can all be automated and abused thanks to the speed, ease of use, and extensibility of API's.