OWASP AppSec California 2016 – All our APIs are belong to us – Jad Boutros

Snapchat does not offer a public API to access its service. Motivated third parties have gone to great lengths to reverse-engineer our protocol and build applications on top of it, which could put our users at greater risk of account compromise. In 2014, one such third party was breached and exposed some user data they’d collected from Snapchatters. Their breach reinforced our desire to continue to do more to protect our users from third-party abuse.
In this talk we cover a number of defenses we have put in place, both client- and server-side, since then, in a long-running cat-and-mouse game with determined third parties. We’ll expand on what worked, what didn’t, and what we learned from our efforts — which we believe are unique in the social networking space.
Jad Boutros
Snapchat
Director of Information Security
Jad Boutros joined Snapchat in 2014, where he serves as director of information security. He is responsible for security, spam and abuse as well as privacy engineering.
Prior to joining Snapchat, Jad worked at Google for over nine years and led the security efforts for Google+ since the project’s inception. Jad holds a bachelor’s degree in computer engineering from McGill University and a master’s degree in computer science from Stanford University.
For more information, please visit: https://2016.appseccalifornia.org/

Source: SecurityTube.Net @ February 19, 2017 at 11:54PM
