AppSec California 2016: All our APIs are belong to us

Back To Schedule

All our APIs are belong to us

Snapchat does not offer a public API to access its service. Motivated third parties have taken great lengths to reverse-engineer our protocol and build applications on top of it, which could put our users at greater risk of account compromise. In 2014, one such third party was breached and exposed some user data they’d collected from Snapchatters. Their breach reinforced our desire to continue to do more to protect our users from third-party abuse.

In this talk we cover a number of defenses we have put in place both client and server-side since then, in a long-running cat and mouse game with determined third parties. We’ll expand on what worked, what didn’t, and what we learned from our efforts -- which we believe are unique in the social networking space.

Speakers

Jad Boutros

Director of Information Security, Snapchat

Jad Boutros joined Snapchat in 2014, where he serves as director of information security. He is responsible for security, spam and abuse as well as privacy engineering. Prior to joining Snapchat, Jad worked at Google for over nine years and led the security efforts for Google+ since... Read More →

AppSec SnapchatAllOurAPIsBelongToUs JadBoutros pdf

Wednesday January 27, 2016 3:00pm - 3:50pm PST
Annenberg Community Beach House

Sand and Sea Room

YouTube https://www.youtube.com/watch?v=fl-fnqoj7Qc

AppSec California 2016

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Jad Boutros

Attendees (18)