The only way to discover every API and backdoor. Every single one.

A hidden killer: Zombie APIs* scale non-linearly as your codebase ages.

[Chart: Number of Zombie APIs over Time. Series: Active APIs, Zombie APIs. Data labels: 2%, 9%, 14%, 17%. Time axis: 3 yrs, 7 yrs, 10 yrs, 13 yrs+.]

*How do you define a Zombie API?

it's externally accessible

it hasn't seen recent network traffic

isn't under active development or maintenance

might be linked to critical PII (username, email, phone, etc.) — is classified as a Zombie API.

Case study

Take Domino's word for it.

Read how Domino's Pizza used p0 to detect exploitable Zombie APIs (some over 9 years old!) in their codebase.

But why care about your Zombie API attack surface?

1.
