Alexandra Charikova
Passionate about advancing knowledge in application security and challenging industry leaders, Alexandra is a cybersecurity content creator and community manager at Escape and hosts the podcast "The Elephant in AppSec." This podcast brings together cybersecurity professionals and industry leaders to discuss and tackle challenging topics in application security.
Session
Many large organizations unknowingly expose vulnerable staging and development APIs, giving attackers a path to sensitive data. To measure the scope of this issue, we analyzed 1,000 domains, identifying shadow APIs, leaked API secrets, and critical weaknesses such as misconfigured GraphQL APIs and exposed Spring Boot Actuator endpoints.
In this session, we'll present the key findings, explain how we scaled API discovery using subdomain enumeration and schema reconstruction, and offer actionable mitigations such as continuous API inventory and schema validation. Attendees will also gain hands-on knowledge of open-source tools like GraphQL Armor and Goctopus for improving API security.
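The following is an added example, not code from the speakers, from Escape, or from the tools the session names. It sketches the kind of check the abstract describes at a high level: take the hostnames a subdomain-enumeration step produces and probe each for two of the exposures listed above, a GraphQL endpoint that still answers introspection queries and a Spring Boot Actuator index that advertises sensitive endpoints. The hostnames, paths and canned responses are constructed for illustration; the `http_fetch` transport is there so the same logic can be pointed at hosts you are authorised to test.

```python
"""Added example: offline-testable probe for open GraphQL introspection and
exposed Spring Boot Actuator endpoints across a list of discovered hosts.
Hosts, paths and canned responses below are constructed, not real targets."""
import json
import urllib.error
import urllib.request
from typing import Callable, Optional

# A minimal introspection query. A server with introspection enabled answers
# with data.__schema; a hardened one returns errors and "data": null.
INTROSPECTION_QUERY = b'{"query":"{ __schema { queryType { name } types { name } } }"}'

# Actuator endpoints whose exposure leaks configuration or internals
# (env dumps environment and config, heapdump returns the whole JVM heap).
SENSITIVE_ACTUATORS = {"env", "heapdump", "beans", "configprops", "mappings",
                       "loggers", "threaddump", "shutdown"}

# Hypothetical output of a subdomain-enumeration step (constructed).
SAMPLE_SUBDOMAINS = ["api.example.com", "staging-api.example.com", "dev.example.com"]

# A transport takes (url, method, body) and returns (status, response_body).
Fetch = Callable[[str, str, Optional[bytes]], tuple[int, str]]


def http_fetch(url: str, method: str = "GET", body: Optional[bytes] = None) -> tuple[int, str]:
    """Real transport, for hosts you are authorised to test. Network errors map to status 0."""
    req = urllib.request.Request(url, data=body, method=method,
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return 0, ""


# Constructed responses so the probe runs offline: staging leaks both ways,
# production has introspection disabled, dev serves nothing on these paths.
CANNED_RESPONSES = {
    ("POST", "https://staging-api.example.com/graphql"):
        (200, '{"data":{"__schema":{"queryType":{"name":"Query"},'
              '"types":[{"name":"Query"},{"name":"User"}]}}}'),
    ("GET", "https://staging-api.example.com/actuator"):
        (200, '{"_links":{"self":{"href":"/actuator"},"health":{"href":"/actuator/health"},'
              '"env":{"href":"/actuator/env"},"heapdump":{"href":"/actuator/heapdump"}}}'),
    ("POST", "https://api.example.com/graphql"):
        (200, '{"errors":[{"message":"GraphQL introspection is not allowed"}],"data":null}'),
}


def canned_fetch(url: str, method: str = "GET", body: Optional[bytes] = None) -> tuple[int, str]:
    """Offline transport that serves the constructed responses; anything else is a 404."""
    return CANNED_RESPONSES.get((method, url), (404, ""))


def _json_object(body: str):
    """Parse body as a JSON object, or return None on garbage or non-object JSON."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return None
    return data if isinstance(data, dict) else None


def graphql_introspection_open(host: str, fetch: Fetch = http_fetch) -> bool:
    """True if POST /graphql returns a populated __schema object."""
    status, body = fetch(f"https://{host}/graphql", "POST", INTROSPECTION_QUERY)
    data = _json_object(body) if status == 200 else None
    if data is None:
        return False
    schema = (data.get("data") or {}).get("__schema")  # "data": null on hardened servers
    return isinstance(schema, dict) and bool(schema.get("types"))


def exposed_sensitive_actuators(host: str, fetch: Fetch = http_fetch) -> list[str]:
    """Sorted names of sensitive actuator endpoints advertised by GET /actuator."""
    status, body = fetch(f"https://{host}/actuator", "GET", None)
    data = _json_object(body) if status == 200 else None
    if data is None:
        return []
    links = data.get("_links") or {}
    return sorted(name for name in links if name in SENSITIVE_ACTUATORS)


def triage(hosts, fetch: Fetch = http_fetch) -> dict:
    """Map each host with a finding to what was exposed; clean hosts are omitted."""
    findings = {}
    for host in hosts:
        introspection = graphql_introspection_open(host, fetch)
        actuators = exposed_sensitive_actuators(host, fetch)
        if introspection or actuators:
            findings[host] = {"graphql_introspection": introspection,
                              "sensitive_actuators": actuators}
    return findings


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_SUBDOMAINS, canned_fetch), indent=2))
```

Run as-is it uses the canned transport and reports only the staging host; swap in `http_fetch` to run it against real hosts. The transport is injected rather than hard-wired precisely so the detection logic can be tested offline, which is the same property a continuous API-inventory job needs when it is run on every deploy. Note the probe only tells you that introspection or an actuator index is reachable; whether that is a finding still depends on whether the host was meant to be public at all.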