Lebin Cheng

CloudVector is the third start-up Lebin has helped bootstrap as a serial entrepreneur. His career of more than 20 years in cybersecurity started as an early engineering team member at IntruVert, a company later acquired by McAfee to bring the industry-leading IntruShield IDS/IPS products. Most recently, Lebin was a co-founder of Netskope, a leader in the Cloud Access Security Broker (CASB) space. Lebin was awarded 14 patents in areas such as network security, application infrastructure, and protocol/API inspection. Lebin holds an MBA degree from the Haas School of Business of UC Berkeley and a Master of Science in Computer Science degree from Purdue University.


How a Trusted Client Hides API Vulnerability?

A Case for Service Side Monitoring/Testing. A critical vulnerability in Apple's “Sign Me In” feature was reported last week (Reference) that would allow a bad actor to first log in through the Apple Client using their own credentials, then abuse the same login session to request a JSON Web …


Data Leaks When API Services Miscommunicate

How Monitoring All Call Traces Can Detect and Prevent Data Exfiltration. Findadoctor.com Data Leakage: It was reported that information about 1.4 million US doctors was leaked (https://apisecurity.io/issue-79-1-4-million-doctor-records-scraped-using-api/) when bad actors appear to have taken advantage of a GitLab file upload vulnerability (https://about.gitlab.com/blog/2020/03/30/how-to-exploit-parser-differentials/). The technical details of the vulnerability are …
