Mapping the Unseen Vulnerabilities of Zombie APIsJoshua Scott on Application Service Management, Gen AI and Security Awareness
You thought it was deprecated, but it's still out there, and it's not secure. It's a zombie API.
Zombie APIs are becoming more and more common, just because of the sheer number APIs and third-party vendors that organizations rely on these days. Zombie APIs slip through the cracks of DevSecOps and DevOps, or different lines of business, are not communicating, or they happen because of a lack of logging and access checks.
Zombie APIs are technical debt that needs to be addressed, and application service management can help control them, said Joshua Scott, head of information security and IT at API platform Postman. But, he said, "The problem will continue to get worse," because "there's never a clean inventory." Scott said legacy tech adds to the problem, but ripping and replacing isn't always financially feasible. So businesses need to identify "what is critical to the business and map backward."
In this episode of
- The potential for using generative AI in the security operations center, although trusting it with important tasks such as alert analysis is still problematic;
- Why security awareness training needs to be more company-specific;
- The question of where security "lives" - with the CISO or the CIO - and why being empowered to do your job is all that matters.
Scott has more than 20 years of experience in security and technology across various industries and is a member of the SVCI, a group of CISOs that operates as an angel investor syndicate.