Speaker

Intesar Mohammed

Intesar Mohammed

Seasoned serial entrepreneur and a speaker

San Francisco, California, United States

Intesar Shannan Mohammed is a seasoned serial entrepreneur and speaker with profound expertise in APIs, performance, and security. With a remarkable track record of founding three successful startups in the API space, Intesar's entrepreneurial journey has been defined by innovation and impactful contributions. His profound knowledge and passion for the subject are exemplified by the four granted patents he holds in the domain. Intesar's educational background includes bachelor's and master's degrees in computer science from esteemed institutions, namely JNT University and DePaul University. Prior to his entrepreneurial ventures, he honed his skills and gained invaluable experience at renowned technology companies, including VMware, Palm, and Cisco.

Area of Expertise

  • Information & Communications Technology

Topics

  • AppSec
  • apis
  • API Testing
  • api security

PRO WORKSHOP: Top API Security Threats & Solution

The session will cover.
1. Top API threats, e.g., Microsoft & Citi breach case-studies.
2. How to detect and remediate day-0 & day-1 vulnerabilities
3. A live demo of how an exploit unfolds.

PRO WORKSHOP: Your APIs May Be Leaking Data, Learn How to Stop It

APIs are the visible backbone of any application; it’s where all the data and requests get processed. As a result, the API layer exposes a very large surface area for attacks - as evident in the latest hacks against Google+, Facebook and many others. Hackers are now targeting API-specific vulnerabilities and most companies do not even know that their APIs are leaking data. While technical security vulnerabilities, like SQL injection and cross-site scripting (XSS), are the most widely known flaws stemming from coding errors, the vast majority of API attacks exploit access control and business logic vulnerabilities that cannot be detected with SAST and DAST vulnerability scanning solutions. In this session, you will learn about the best practices to identify, track and fix role-based and attribute-based access control (RBAC & ABAC) vulnerabilities that allow users to accumulate excess permissions granting them unauthorized access to otherwise secure API endpoints and resources. You will also learn about business logic flaws that allow hackers to manipulate legitimate API calls to steal data and interfere with business functions. Such vulnerabilities have contributed to the vast majority of API attacks (including Google+, Facebook, Citi and T-Mobile) and could cost companies extremely high fines for breaching GDPR and other regulatory guidelines.

DeveloperWeek Cloud 2022

September 2022 Austin, Texas, United States

API World 2021

October 2021

API World 2020

October 2020 San Jose, California, United States

API World 2019

October 2019 San Jose, California, United States

Intesar Mohammed

Seasoned serial entrepreneur and a speaker

San Francisco, California, United States