Pop Goes the Stack | BOLA exploits: The #1 API threat and how to stop it | API Security
Автор: F5, Inc.
Загружено: 2025-11-18
Просмотров: 87
The 2025 API Threat Report is out, and shocker—we’re still getting wrecked by injection, data leaks, and BOLA. That’s Broken Object Level Authorization, for those of you keeping score at home.
Here’s the kicker—95% of these attacks are coming through authenticated sessions. Translation: the bad guys aren’t breaking in through the side door, they’re waltzing in with a valid badge and looting the place. But sure, let’s keep obsessing over password complexity policies while ignoring that our APIs are basically vending machines for sensitive data.
In this episode of Pop Goes the Stack, #F5's Lori MacVittie, Joel Moses, and special guest Garland Moore dive into BOLA misconceptions, the impact of #AI, and solutions you can implement now to mitigate risk.
Chapters:
00:00 Welcome to Pop Goes the Stack
00:40 What is #BOLA?
02:05 How a BOLA attack works
03:55 Authentication vs Authorization
04:45 BOLA: Who's responsible and what's the solution?
07:20 Both? Both. Centralized authentication and authorization
08:59 The database’s role in BOLA
12:12 Real-world BOLA examples
13:41 BOLA in the era of AI and agents
15:21 Solutions: Training, frameworks, and least privilege
19:55 Three things you can do to prevent BOLA exploits
Learn how you can stay ahead of the curve and keep your stack whole with additional insights on app security, multicloud, AI, and emerging tech: https://go.f5.net/3qsoorsy
More about F5: https://go.f5.net/ldwzrl9f
Read our blog: https://go.f5.net/naknsiu1
Follow us on LinkedIn: https://go.f5.net/q2vso6pe
Доступные форматы для скачивания:
Скачать видео mp4
-
Информация по загрузке:
