Alissa Knight, Senior Analyst at Aite Group, discusses API security, the Magecart hacking group, recent breaches, formjacking skimmers and her upcoming book.

In the podcast, Knight and host Chris Sienko discuss:

– What’s been happening since you’ve been on the podcast last? (3:10)
– You’ve been on an international tour, sharing vulnerabilities you’ve discovered on 30 financial institution mobile apps; how that going? (5:38)
– You’ve discovered during this tour that people were more interested in API security? (8:22)
– Let’s talk about API security; give us an elevator pitch on what API security is and some of the most common API vulnerabilities. (10:45)
– Is API security a new enough issue where it’s okay for organizations to be “off-the-hook” for not knowing how to defend against these vulnerabilities? Or should they know better? (14:08)
– What are your recommendations for securing APIs? (15:35)
– What do you see as the friction point for these organizations not utilizing API security? (17:14)
– Tell us a little bit about the report you did detailing Magecart groups? (18:14)
– Is there a way for users can tell if a site they are on is formjacked, or is it an issue that’s so deeply embedded, that it can only be tackled at the structural level? (21:16)
– What is the expectation of us as online consumers to be aware of these types of hacks? Are there any tips on seeing is a form is jacked? Are we going to have to spend extra time every time we buy online to be aware of potential vulnerabilities? (22:37)
– Let’s get into these Magecart hacking groups. How long have they been around and apart from formjacking, what attacks are they known for? (26:08)
– Is the formjacking protection an issue an easy-fix? What is preventing organizations from protecting their sites? (28:51)
– What is a way to tell if a site has been compromised by formjackers? (30:03)
– If you are working for one of these retail sites, and you suspect the security team are not protecting against formjacking, is this something you can bring to leadership? (31:36)
– Tell us about your upcoming book. (32:12)
– Let’s jump back to your book on hacking connected cars. What can readers expect? (33:55)
– Any predictions on what vulnerabilities, API or other, are going to be the most dangerous or prevalent in 2020 and beyond? (37:04)
– Last time, we discussed the need for women in cybersecurity. You’ve been using #KnightWriter on social media; are you building and growing a coalition of women in cybersecurity? (39:14)
– Can you tell me a little bit more about these “100 Women in 100 Days Cybersecurity Certifications for Women” workshops? (42:26)
– Where can we find you on social media and tell us a little bit about your podcasts? (44:00)

View the full transcript: https://www.infosecinstitute.com/podcast/alissa-knight-talks-api-security-formjacking-and-hacking/

Additional Resources

– Join us in the fight against cybercrime: https://www.infosecinstitute.com
– Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast

About the Cyber Work Podcast

Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.