Account Takeover in Azure’s API Management Developer Portal

API Management is a critical component of modern application development. As organizations increasingly rely on APIs to exchange data between systems, they must also consider the potential security risks that come with API usage.

About this talk

In this on-demand webinar, Outpost24’s Thomas Stacey walks you through a vulnerability he recently discovered in Azure’s API Management Developer Portal that can be exploited to perform an account takeover attack. Thomas covers the steps involved in identifying the vulnerability, its disclosure, and the eventual release of the fix.

  • Overview of Azure’s APIM Service
  • Identifying the vulnerability in Azure’s API Management Developer Portal
  • The Road to a Bug Bounty
  • Conclusion and Application Security Best Practice

This webinar is ideal for developers, security professionals, and anyone interested in learning more about vulnerability discovery and understanding why manual testing is essential for application security.