owasp-api3

OWASP API Security Top 10 – Excessive Data Exposure

This week we look at the third item in the OWASP API Security Top 10: Excessive Data Exposure. Descriptions of the other OWASP API Top 10 items can be accessed from the introductory blog available here. APIs retrieve necessary data from back end systems when client …


Data Leaks When API Services Miscommunicate

How Monitoring All Call Traces Can Detect and Prevent Data Exfiltration

Findadoctor.com Data Leakage

It was reported that information about 1.4 million US doctors was leaked (https://apisecurity.io/issue-79-1-4-million-doctor-records-scraped-using-api/) when bad actors appear to have taken advantage of a GitLab file upload vulnerability (https://about.gitlab.com/blog/2020/03/30/how-to-exploit-parser-differentials/). The technical details of the vulnerability are …
