API Threat Protection

OWASP API Security Top 10 – Excessive Data Exposure

This week we look at the third item in the OWASP API Security Top 10: Excessive Data Exposure. Descriptions of the other OWASP API Top 10 items can be accessed from the introductory blog available here. APIs retrieve necessary data from back end systems when client …
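The core of Excessive Data Exposure is an API that hands the client the whole backend object and relies on the UI to hide what it does not display. The following is an added illustration, not code from the post above: a leaky handler beside one that serialises through a server-side allow-list chosen by who is asking. The record, its field names and the two roles are constructed for the example.

```python
"""Excessive data exposure: return only the fields the caller is entitled to.

Added example, not the original post's code. The backend record, field names
and roles are constructed (hypothetical) for illustration.
"""
from typing import Any

# Constructed sample record, shaped like what a backend user service might return.
BACKEND_USER: dict[str, Any] = {
    "id": 42,
    "username": "alice",
    "email": "alice@example.com",
    "password_hash": "$2b$12$constructed-hash-value",  # must never reach a client
    "ssn": "123-45-6789",                             # must never reach a client
    "address": "1 Main St",
    "created_at": "2020-01-01T00:00:00Z",
}

# Fields that should never appear in any API response, used by the leak check below.
SENSITIVE_FIELDS = frozenset({"password_hash", "ssn"})

# Server-side allow-lists. The decision of what to expose lives here, not in the UI.
PUBLIC_FIELDS = frozenset({"id", "username"})
OWNER_FIELDS = PUBLIC_FIELDS | {"email", "address", "created_at"}


def leaky_profile(record: dict[str, Any]) -> dict[str, Any]:
    """Vulnerable pattern: serialise the whole backend object.

    The client "filters" by only rendering some fields, but everything is on
    the wire for anyone who reads the raw response.
    """
    return dict(record)


def filtered_profile(record: dict[str, Any], requester_id: int) -> dict[str, Any]:
    """Hardened pattern: pick fields from an explicit allow-list.

    The owner of the profile gets the owner view; anyone else gets the public
    view. Fields not in the list are dropped, whatever the backend returns.
    """
    allowed = OWNER_FIELDS if requester_id == record["id"] else PUBLIC_FIELDS
    return {key: record[key] for key in allowed if key in record}


def leaked_sensitive(response: dict[str, Any]) -> set[str]:
    """Return the sensitive fields present in a response (empty set is good).

    Useful as a unit test or a response-inspection rule in an API gateway.
    """
    return SENSITIVE_FIELDS & set(response)


if __name__ == "__main__":
    print("leaky  :", sorted(leaked_sensitive(leaky_profile(BACKEND_USER))))
    print("owner  :", sorted(filtered_profile(BACKEND_USER, 42)))
    print("public :", sorted(filtered_profile(BACKEND_USER, 7)))
```

The allow-list approach also protects against the backend growing new columns later: a field added to the user table does not reach the client until someone deliberately adds it to a view. The `leaked_sensitive` check is the kind of assertion worth running against recorded responses in CI, so the leak is caught before the deployment rather than in a breach report.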


APIs – Underpinning Modern Technologies to Popular Data Breaches

In today's world, software is an essential piece driving digital transformation and business value for every enterprise. Microsoft CEO Satya Nadella said not long ago, "every company is a software company, every company is a digital organization". At the crux of this transformation is the …


OWASP API Security Top 10 – Broken Object Level Authorization

Broken Object Level Authorization (BOLA) is first in the list of OWASP Top 10 API Security threats because of its ease of exploitation, its potential impact, and the difficulty of defending against it systematically. …
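Why BOLA is so easy to exploit is best seen in code. The following is an added example, not code from the post above: an authenticated caller fetching orders by ID, first through a handler that checks only that the session is valid, then through one that also checks that the object belongs to the caller. The order store, the user names and the numeric ID range are constructed for the example.

```python
"""Broken Object Level Authorization: authenticated is not authorized.

Added example, not the original post's code. The order store, callers and
ID space are constructed (hypothetical) for illustration. Handlers return an
(http_status, body) pair instead of a framework response so they run offline.
"""
from typing import Any, Callable

# Constructed backend store keyed by a predictable, sequential order ID.
ORDERS: dict[int, dict[str, Any]] = {
    1001: {"id": 1001, "owner": "alice", "total": 99.00},
    1002: {"id": 1002, "owner": "bob",   "total": 15.50},
    1003: {"id": 1003, "owner": "alice", "total": 250.00},
}

Handler = Callable[[int, str], tuple[int, dict[str, Any]]]


def get_order_vulnerable(order_id: int, caller: str) -> tuple[int, dict[str, Any]]:
    """BOLA: the session proves who `caller` is, but nothing ties the caller
    to the object. Any logged-in user can read any order by guessing its ID."""
    order = ORDERS.get(order_id)
    if order is None:
        return 404, {"error": "not found"}
    return 200, order


def get_order_hardened(order_id: int, caller: str) -> tuple[int, dict[str, Any]]:
    """Object-level check: the record must exist AND belong to the caller.

    Both failures return the same 404 so an attacker cannot distinguish
    "no such order" from "someone else's order" and enumerate the ID space.
    """
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != caller:
        return 404, {"error": "not found"}
    return 200, order


def enumerate_orders(handler: Handler, caller: str, id_range: range) -> dict[int, dict[str, Any]]:
    """What the attacker does: walk sequential IDs with their own valid session
    and keep every object the API is willing to return."""
    found: dict[int, dict[str, Any]] = {}
    for order_id in id_range:
        status, body = handler(order_id, caller)
        if status == 200:
            found[order_id] = body
    return found


if __name__ == "__main__":
    scan = range(1000, 1010)
    print("mallory via vulnerable:", sorted(enumerate_orders(get_order_vulnerable, "mallory", scan)))
    print("mallory via hardened  :", sorted(enumerate_orders(get_order_hardened, "mallory", scan)))
    print("alice   via hardened  :", sorted(enumerate_orders(get_order_hardened, "alice", scan)))
```

The point of the `enumerate_orders` loop is that the attack needs no exploit, only a valid account and a loop, which is why the OWASP entry ranks ease of exploitation so highly. The defensive check is a single comparison, but it has to be present on every endpoint that takes an object ID; in practice that argues for a central `assert_owner(record, caller)` helper called by every handler rather than per-handler conditionals, and for a test like the one above that runs the enumeration against each route as a non-owner and expects nothing back.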


How a Trusted Client Hides an API Vulnerability

A Case for Server-Side Monitoring/Testing. A critical vulnerability in Apple's "Sign in with Apple" feature was reported last week (Reference) that would allow a bad actor to first log in through the Apple client using their own credentials, then abuse the same login session to request a JSON Web …


API Security Checklist: Secure API Design

Adopting a Shift-Left Approach. Securing API endpoints is critical for securing applications, and it requires security products to monitor a diverse and comprehensive set of components supporting the application. Some security products evaluate the behavior of application traffic, some focus on the post-development application code, and others look to embed …


Data Leaks When API Services Miscommunicate

How Monitoring All Call Traces Can Detect and Prevent Data Exfiltration. Findadoctor.com data leakage: it was reported that information about 1.4 million US doctors was leaked (https://apisecurity.io/issue-79-1-4-million-doctor-records-scraped-using-api/) when bad actors appear to have taken advantage of a GitLab file upload vulnerability (https://about.gitlab.com/blog/2020/03/30/how-to-exploit-parser-differentials/). The technical details of the vulnerability are …
