Traceable ASPEN: Leading the Charge in API Security Research

At Traceable, we’re excited to announce the launch of our latest endeavor, Traceable ASPEN, a dedicated research team that is set to redefine the API security landscape. Traceable ASPEN embodies our commitment to elevating API and Application Security to new heights.

In the ever-evolving world of API security, the challenges are multifaceted. We face an expanding attack surface, sensitive data management complexities, intricate authentication and authorization processes, and dynamic API changes. These challenges are compounded by the reliance on third-party APIs and often, inadequate logging practices. With a notable increase in API abuse incidents, Traceable ASPEN is strategically positioned to counter these emerging threats through proactive vulnerability discovery and robust protective measures.

Paving the Way in Application Security Research

Traceable ASPEN’s mission is clear and impactful: to bring API Security to the forefront of application security discussions. Our team is geared towards discovering new API vulnerability classes and developing state-of-the-art tools for testing and safeguarding API-centric applications. We are committed to dissecting API-based attack campaigns, focusing on their Tactics, Techniques, and Procedures (TTPs), and sharing our findings with the wider security community.

Introducing Our Team: A Melting Pot of Expertise

Our security research team is a diverse group of seasoned professionals and innovative thinkers. Their expertise spans across various disciplines, including penetration testing, web application firewalls, authentication, authorization, threat intelligence, incident response, and secure software development. This blend of experience and fresh perspectives forms the backbone of our approach to tackling the complex cybersecurity landscape.

Eaton Zveare is an expert in software and hardware reverse engineering, who got his start in video games, creating a mod for Xbox 360 that raises storage limits using a kernel extension. Eaton has recently contributed to the security of multiple Fortune 500 companies by discovering and reporting several critical vulnerabilities in web applications.

Juan Pablo Tosso has 10+ years of experience in Web and API security. He is the author & project leader of OWASP Coraza WAF, contributor of OWASP Core Ruleset & OWASP API Security Project.  He has presented at  OWASP Appsec Dublin and Rethinking WAFs: OWASP Coraza

Roshan Piyush has years of experience in Security Engineering, specifically API Security, Identity, Machine Learning, Threat Intelligence. He is the project Leader of OWASP crAPI, and an active contributor to Owasp coraza & Owasp API Security Project. He is the co-organizer of API Security India Community.

Inon Shkedy is the Project leader of OWASP API security. He started his career in a red team in an Israeli government organization, and then moved to the Silicon Valley to specialize in API Security. He has presented at dozens of security conferences, including OWASP global appsec, OWASP London. He has conducted API vulnerability assessments for many Fortune 500 companies

Anjum Ahuja has years of experience in Security Engineering, specifically detection engineering & incident response and threat intelligence. He has presented at conferences like BSidesSF, BSidesCharm, and has multiple patents issued for IOT Security.

Katie Paxton-Fear is a hacker and educational content creator who specializes in API security. She has a PhD in security and natural language processing and is a researcher in interconnected security at Manchester Metropolitan University. She has been featured on BBC News, The Wall Street Journal, CISA, Diginomica, and The Daily Swig, and regularly speaks at top industry conferences.

Namburi Soujanya  is a Security Research Engineer focusing on API security, Machine learning, and Web Application Firewalls. She is a co-organizer of  API Security India Community. and has conducted multiple talks and workshops on the subject, notably with the OWASP+Null chapter Bangalore and  API Security India Community.

Mathew Jose is a Security Researcher in API Security. He has conducted vulnerability assessments for several Fortune 500 companies. He has conducted several talks and workshops for the API Security India Community.

Leveraging the Traceable Edge

Traceable ASPEN’s methodology is grounded in the unique insights the Traceable platform provides, which analyzes an immense volume of API requests daily. This gives us a rare view of the API domain’s evolving threats and fraud attacks. By harnessing these insights, Traceable ASPEN will not only enhance our protection and API security testing (AST) capabilities but also contribute significantly to open-source initiatives, shape security standards, and drive collaboration within the API security community.

Join Us on Our Quest

Embark on this journey with Traceable ASPEN, where research converges with security. We’re not just redefining the boundaries of API Security—we’re leading the way toward a new era of cybersecurity excellence. Stay tuned as we continue to shape the future of digital security with Traceable ASPEN, where groundbreaking research meets practical application in pursuing a safer digital world.