The Akamai Blog

Recently by Ryan Barnett

Ryan Barnett

April 13, 2018 7:00 AM

Part 2: The Dark Side of APIs

Ryan Barnett, Principal Security Researcher, Akamai; Elad Shuster, Senior Security Researcher, Akamai

During its research into Credential Abuse attack campaigns, Akamai's threat research team conducted an analysis of web logins to gain insights into how widespread the adoption of API-based logins is and whether or not this trend also affects attackers and attack campaigns. It will come as no surprise that API-based logins are highly targeted by credential abuse attackers

Ryan Barnett

April 3, 2018 9:00 AM

The Dark Side of APIs: Part 1, API Overview

Ryan Barnett, Principal Security Researcher, Akamai; Elad Shuster, Senior Security Researcher, Akamai

API Overview

Application Programming Interfaces (APIs) are a software design approach that enables software and system developers to integrate with other systems based on a defined set of communication methods. APIs serve as software building blocks and allow for software reuse, essentially allowing fast development of new systems based on existing capabilities.

Ryan Barnett

February 1, 2017 11:37 AM

WordPress Web API Vulnerability

On Tuesday, February 1, 2017, security vendor Sucuri disclosed a severe vulnerability in the WordPress REST API in versions prior to 4.7.2. The vulnerability allows for remote, unauthenticated and easily automated modification of blog post and page content by manipulating a parameter payload. Sucuri, Inc. notified Akamai of this vulnerability in advance of the public disclosure, which allowed the Threat Research team to internally confirm exploitability and to develop a

Ryan Barnett

June 10, 2016 10:15 AM

Web Application Defender's Field Report: Account Tak ...

I am scheduled to give a security talk next week at the Gartner Security Summit entitled "Web Application Defender's Field Report". In the talk, I will be covering statistics and technical details of web application attacks from our just-released State of the Internet (SOTI) Report for Q1 2016. One of the more interesting details of the report centers around the analysis of massive Account Takeover (ATO) attack campaigns that