OWASP API Security Top 10 – Excessive Data Exposure This week we look at the third item in the list of OWASP API security top 10 Excessive Data Exposure. Descriptions of other OWASP API top 10 can be accessed from the introductory blog available here. APIs retrieve necessary data from back end systems when client …
OWASP API Security Top 10 – Excessive Data Exposure Read More »
API Security Checklist: Cheatsheet Over the last few weeks we presented a series of blogs [1][2][3] outlining 15 best practices for strengthening API security at the design stage. Here are three cheat sheets that break down the 15 best practices for quick reference: As APIs become the fabric for applications, the cyber security threats exploiting …
OWASP API Security Top 10 – Broken Authentication Let us dive into the second item in the OWASP API Top 10 list: Broken Authentication. In this article, we look at a couple of attacks that fall into this category and also review the protection mechanisms. If you missed the first article in this series which …
OWASP API Security Top 10 – Broken Authentication Read More »
API Security Checklist: Part 3 This is the final blog in the series outlining 15 best practices for strengthening API security with a shift-left approach. If you haven’t had a chance to read the API Security Checklist: Secure API Design (first) and API Security Checklist: Part 2 (second) article in this series, now is a …
APIs – Underpinning Modern Technologies to Popular Data Breaches In today’s world software is an essential piece driving digital transformation and also business value for every enterprise. Microsoft CEO Satya Nadella not long ago said, “every company is a software company, every company is a digital organization”. At the crux of this transformation is the …
APIs – Underpinning Modern Technologies to Popular Data Breaches Read More »
OWASP API Security Top 10 – Broken Object Level Authorization Broken Object Level Authorization (BOLA) is the top most in the list of OWASP Top 10 API Security threats because of its ease of exploitation combined with its potential for impact as well as the difficulty to defend this threat in an organized way. …
OWASP API Security Top 10 – Broken Object Level Authorization Read More »
API Security Checklist: Part 2 We continue the journey on understanding the best practices applicable towards secure application development, enforced through an API specification. In the first article in this 3-part series, we learned about five best practices specific to how the security field as well as arrays should be managed in an API request …
How a Trusted Client Hides API Vulnerability? A Case for Service Side Monitoring/Testing A critical vulnerability in Apple “Sign Me In” feature was reported last week (Reference) that would allow a bad actor to first login through the Apple Client using their own credentials, then abuse the same login session to request a JSON Web …
API Security Checklist: Secure API Design Adopting a Shift-left Approach Securing API Endpoints is critical for securing applications. This requires security products to monitor a diverse and comprehensive set of components supporting the application. Some security products evaluate the behavior of application traffic, some focus on the post-development application code, and others look to embed …
Data Leaks When API Services Miscommunicate How Monitoring All Call Traces Can Detect and Prevent Data Exfiltration Findadoctor.com Data Leakage It was reported that information about 1.4 million US doctors was leaked (https://apisecurity.io/issue-79-1-4-million-doctor-records-scraped-using-api/) when bad actors appear to have taken advantage of a GitLab file upload vulnerability (https://about.gitlab.com/blog/2020/03/30/how-to-exploit-parser-differentials/). The technical details of the vulnerability are …
© 2020 CloudVector, Inc. All Rights Reserved. Privacy Policy
