api-breach

How a Trusted Client Hides an API Vulnerability

A Case for Service-Side Monitoring/Testing. A critical vulnerability in Apple's "Sign in with Apple" feature was reported last week (Reference) that would allow a bad actor to first log in through the Apple client using their own credentials, then abuse the same login session to request a JSON Web …
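The pattern the excerpt points at, as an added example that is not code from the original post: a token-issuing endpoint that authenticates the caller but then mints a JWT for whatever identity the client names, beside the fixed version that binds the minted identity to the authenticated session, and the service-side test that would catch the difference. The request shape, the `email` claim, the session store and the signing key are assumptions for illustration, not the disclosed Apple request format.

```python
"""Added example, not code from the original post: a minimal token service
showing the class of flaw the excerpt describes (an authenticated client
asking the server to mint a JWT for an identity other than its own) next to
the server-side check that closes it. The request shape, the "email" claim
and the session store are assumptions for illustration."""
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"server-side-signing-key"  # constructed for the demo only

# Session store populated at login; the client only ever presents a session id.
SESSIONS = {"sess-attacker": {"sub": "user-1001", "email": "attacker@example.com"}}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(subject: str, email: str, ttl: int = 600) -> str:
    """HS256 JWT built with the standard library only."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": subject, "email": email, "exp": int(time.time()) + ttl}
    payload = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(SIGNING_KEY, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str) -> dict:
    """Checks the HMAC and expiry, then returns the claims."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims["exp"] < time.time():
        raise ValueError("expired")
    return claims


def token_endpoint_vulnerable(session_id: str, request: dict) -> str:
    """Authenticates the caller but then trusts the client-supplied email,
    so any logged-in user can obtain a token naming someone else."""
    session = SESSIONS[session_id]
    return mint_jwt(session["sub"], request["email"])


def token_endpoint_fixed(session_id: str, request: dict) -> str:
    """Binds the minted identity to the authenticated session; a request
    for another identity is rejected server-side rather than trusted."""
    session = SESSIONS[session_id]
    requested = request.get("email")
    if requested is not None and requested != session["email"]:
        raise PermissionError("requested identity does not match the session")
    return mint_jwt(session["sub"], session["email"])


def service_side_test() -> dict:
    """The service-side test the excerpt argues for: replay a real session
    asking for a different identity and check whose token comes back."""
    forged = {"email": "victim@example.com"}
    leaked = verify_jwt(token_endpoint_vulnerable("sess-attacker", forged))["email"]
    try:
        token_endpoint_fixed("sess-attacker", forged)
        blocked = False
    except PermissionError:
        blocked = True
    return {"vulnerable_issues_victim_token": leaked == "victim@example.com",
            "fixed_rejects_forged_identity": blocked}


if __name__ == "__main__":
    print(service_side_test())
```

The point of `service_side_test` is that nothing in the trusted client's normal traffic reveals the flaw; only a replay against the service with a mismatched identity does, which is why the check has to live (and be tested) on the server.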

Data Leaks When API Services Miscommunicate

How Monitoring All Call Traces Can Detect and Prevent Data Exfiltration

Findadoctor.com Data Leakage

It was reported that information about 1.4 million US doctors was leaked (https://apisecurity.io/issue-79-1-4-million-doctor-records-scraped-using-api/) when bad actors appear to have taken advantage of a GitLab file upload vulnerability (https://about.gitlab.com/blog/2020/03/30/how-to-exploit-parser-differentials/). The technical details of the vulnerability are …

Digging Deep to Defend Against Docker API Abuse

Another day, another API breach adds to the growing chorus of warnings about API vulnerabilities. The attack we discuss this time targets publicly exposed Docker APIs, using the victim's infrastructure for illegitimate cryptocurrency mining. Way to ruin Thanksgiving for Docker admins, I say! In this blog, we …
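The check a practitioner wants after reading that excerpt, as an added example that is not code from the original post: an offline audit of a Docker `daemon.json` for the exposure described, the Engine API bound to a network-reachable TCP address without TLS client verification. The `hosts`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` keys are the daemon's own configuration keys; the sample configurations are constructed for the demo.

```python
"""Added example, not code from the original post: an offline audit of a
Docker daemon.json for the exposure the excerpt describes, the Engine API
bound to a network-reachable TCP address without TLS client verification.
The sample configurations are constructed for the demo."""
import json

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def _split_tcp(host: str) -> tuple:
    """tcp://[bind]:port -> (bind, port); tcp://:2375 binds every interface."""
    addr = host[len("tcp://"):]
    bind, _, port = addr.rpartition(":")
    return bind.strip("[]"), port


def audit_daemon_json(daemon_json: str) -> list:
    """Returns one finding per listener that exposes the API over the network."""
    cfg = json.loads(daemon_json)
    findings = []
    # Without "hosts" the daemon listens on the local unix socket only.
    for host in cfg.get("hosts", []):
        if host.startswith(("unix://", "fd://")):
            continue
        if not host.startswith("tcp://"):
            findings.append(f"{host}: unrecognised listener, review manually")
            continue
        bind, port = _split_tcp(host)
        if bind in LOOPBACK:
            continue  # reachable only from the host itself
        if not cfg.get("tlsverify", False):
            findings.append(
                f"{host}: Engine API reachable over the network with no TLS client "
                "verification; anyone who can connect can start containers as root")
        elif port == "2375":
            findings.append(
                f"{host}: tlsverify is set but the conventional plaintext port 2375 is "
                "used; confirm clients actually negotiate TLS")
    return findings


# Constructed sample configs: the exposed one and the hardened one.
EXPOSED = json.dumps({"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]})
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_daemon_json(cfg) or "ok")
```

Run it against `/etc/docker/daemon.json` on each host; a listener that is also passed on the `dockerd` command line (`-H tcp://...`) will not appear in the file, so check the unit file or process arguments as well.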

Time to Think Beyond Access: 3 Lessons from Capital One Data Breach

On July 19, 2019, Capital One determined that an outside individual had gained unauthorized access and obtained certain types of personal information about Capital One credit card customers. That week the internet was abuzz with information about the Capital One data breach. Around …

What Went Down in the USPS Data Breach? Only CloudVector Could Have Prevented It

A data exposure flaw on the United States Postal Service (USPS) website was disclosed last week by Brian Krebs of KrebsOnSecurity. The flaw was identified in the APIs exposed by a web component on the USPS website and potentially exposed the data of 60 million users. …

A Case for Securing API Actions: What Words of Wisdom from Two Thousand Years Ago Can Teach Us About App Security

Confucius taught us more than 2000 years ago: "Listen to his claims, but watch his actions." Things are not what they claim to be. Such words of wisdom speak volumes in light of the most …

Toppling The App Jenga Tower – Pulling The API Parameter Piece

All of us have seen Jenga, the topple-the-tower game. Today's enterprise applications very much resemble that tower: a myriad of services and their instances, each glued together by APIs much like the wooden blocks. Unknown to the enterprise is the fact that …