Lightning Recap: Highlights from BSides Lisbon 2024
Celfocus AppSec Team
Hosted by Pedro Tarrinho
In this rapid-fire session, the Celfocus AppSec team highlighted key topics and discussions from BSides Lisbon 2024, one of Portugal's major security conferences. Presentations covered: AI will take our job + GenAI Cybercrime Armageddon (Mariana Bento & José Neves); Weaponized Ads - Malvertising (Ruben Silva); Enhancing Secrets Management (Samuel Azriel); and Advanced Android Detection Evasion Tactics (Diogo Gomes).
Do not Live in the Shadows (APIs)
Shadow APIs — undocumented, unmanaged, or hidden APIs within an organization's ecosystem — pose a significant risk to security, compliance, and operational resilience. These APIs often emerge due to rapid development cycles, decentralized practices, or legacy systems, creating critical blind spots for development and security teams. This talk explores the concept of Shadow APIs, starting with a clear definition and their origins, and examines the multifaceted risks they introduce. Through real-world examples, it highlights the potential consequences of ignoring these "hidden doors" and discusses strategies for their identification, management, and mitigation.
Speaker Bio
Teresa Pereira is a Cyber Threat Hunter at Siemens Energy. Before this, she worked as a Pentester at KPMG Portugal for nearly three years. Her journey into API Security began in 2022, and by 2023 she was speaking at apidays Paris. In 2024, she spoke at both apidays London and apidays Paris.
