owasp-api-top10

Data Leaks When API Services Miscommunicate

How Monitoring All Call Traces Can Detect and Prevent Data Exfiltration

Findadoctor.com Data Leakage

It was reported that information about 1.4 million US doctors was leaked (https://apisecurity.io/issue-79-1-4-million-doctor-records-scraped-using-api/) when bad actors appear to have taken advantage of a GitLab file upload vulnerability (https://about.gitlab.com/blog/2020/03/30/how-to-exploit-parser-differentials/). The technical details of the vulnerability are …


Digging Deep to Defend Against Docker API Abuse

Another day, another API breach adds to the growing chorus against API vulnerabilities. The attack we speak about this time is targeting publicly exposed Docker APIs, leveraging the victim infrastructure for illegitimate cryptocurrency mining. Way to ruin Thanksgiving for Docker Admins, I say! In this blog, we …
