I added a specific project for aggregating and tracking vulnerabilities in our online infrastructure, in addition to my existing security and cyber security research. Not all of the vulnerabilities I curate are API specific, but I find it helps increase my overall awareness of security related issues, and I find it useful for thinking through the possibilities when it comes to web vulnerabilities being applied to APIs.
Across these three areas of my security research, the one common pattern I see across the security landscape is that the humans are always the weakest link. Almost all of the breaches I read about occur because some human, being, well, human, allows some often well-known exploit to succeed. Hacking systems is less about knowing the tech exploits than it is about knowing and maximizing the human exploits, as we are always the weakest link.
I use this awareness when I’m evaluating the promise of any security-focused solution I come across. If the solution prescribes more technology to help us secure the technology we have, I’m guessing it is most likely smoke & mirrors about 95% of the time. If the solution offers something that helps address the human variable in the equation, and augments this reality, making us all more security minded, and ultimately security literate, the chances it will make a difference increase in my opinion.