API vulnerability

API3:2019 Excessive Data Exposure: Understanding the Risks, Impacts, and How to Prevent It
Excessive data exposure occurs when an API response returns more fields and data than the client actually needs, leaving it to the client to filter out what should never have left the server.
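The pattern behind API3:2019 in code, as an added example that is not part of the original post: a handler that serializes the whole stored record versus one that projects it onto an explicit response schema, plus a review helper that lists every field (including nested ones) a response exposes beyond that schema. The user record, field names and schema are constructed for illustration.

```python
"""OWASP API3:2019 Excessive Data Exposure: whole-record serialization vs. explicit projection.

Added example, not from the original post. All data and field names are constructed.
"""
from typing import Any

# Constructed: what the persistence layer hands back for one user.
USER_RECORD: dict[str, Any] = {
    "id": 42,
    "username": "alice",
    "display_name": "Alice",
    "email": "alice@example.com",
    "password_hash": "$2b$12$placeholderhash",      # constructed placeholder
    "is_admin": False,
    "mfa_secret": "JBSWY3DPEHPK3PXP",               # constructed placeholder
    "internal_notes": "flagged for manual review",
    "address": {"city": "Berlin", "street": "Example St 1"},
    "payment_methods": [
        {"brand": "visa", "last4": "4242", "processor_token": "tok_constructed"},
    ],
}

# The endpoint's contract: True exposes a scalar, a nested dict describes a sub-object
# or each element of a list. Anything not listed must never reach the client.
PUBLIC_PROFILE_SCHEMA: dict[str, Any] = {
    "id": True,
    "username": True,
    "display_name": True,
    "address": {"city": True},
    "payment_methods": {"brand": True, "last4": True},
}


def get_profile_vulnerable(record: dict[str, Any]) -> dict[str, Any]:
    """API3-style bug: return the whole record and rely on the client to hide fields."""
    return dict(record)


def project(record: dict[str, Any], schema: dict[str, Any]) -> dict[str, Any]:
    """Copy only schema-listed fields; new columns added later never leak by default."""
    out: dict[str, Any] = {}
    for key, rule in schema.items():
        if key not in record:
            continue
        value = record[key]
        if rule is True:
            out[key] = value
        elif isinstance(rule, dict) and isinstance(value, dict):
            out[key] = project(value, rule)
        elif isinstance(rule, dict) and isinstance(value, list):
            out[key] = [project(v, rule) for v in value if isinstance(v, dict)]
    return out


def get_profile_hardened(record: dict[str, Any]) -> dict[str, Any]:
    """Hardened handler: serialize through the contract, not the storage model."""
    return project(record, PUBLIC_PROFILE_SCHEMA)


def leaked_paths(response: dict[str, Any], schema: dict[str, Any], prefix: str = "") -> set[str]:
    """Review helper: dotted paths in a response that fall outside the schema."""
    leaks: set[str] = set()
    for key, value in response.items():
        path = f"{prefix}{key}"
        rule = schema.get(key)
        if rule is None:
            leaks.add(path)
        elif isinstance(rule, dict):
            if isinstance(value, dict):
                leaks |= leaked_paths(value, rule, path + ".")
            elif isinstance(value, list):
                for item in value:
                    if isinstance(item, dict):
                        leaks |= leaked_paths(item, rule, path + ".")
    return leaks


if __name__ == "__main__":
    print("vulnerable leaks:", sorted(leaked_paths(get_profile_vulnerable(USER_RECORD), PUBLIC_PROFILE_SCHEMA)))
    print("hardened leaks:  ", sorted(leaked_paths(get_profile_hardened(USER_RECORD), PUBLIC_PROFILE_SCHEMA)))
```

The review helper is the useful part in practice: run it against captured responses from a test account and compare with the documented contract for each endpoint, since a field that is filtered out in the browser UI is still in the JSON an attacker reads directly.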

API Scanning: How to Scan API Endpoints?
Your APIs are the digital face of your business. They carry your business-critical data, so do you know exactly where that data is exchanged? The answer is your APIs. ...

Multi-Tenant SaaS Authentication Bypass or Works-as-Designed?
Four months ago, researchers at Cequence discovered an authentication vulnerability in the Lithium community forum platform (now part of Khoros) that warranted a responsible disclosure submission. The vulnerability impacts Khoros customers using ...

Some Recent API Security Related Gaffes, And How They Might Have Been Avoided
This is the second of three guest blogs as part of our collaboration with Cequence. In the first blog on August 30, I wrote about how we’ve seen the level of API ...

Hey API! What you Token?
Technology is always evolving: some of it is widely adopted, while other parts never get implemented. In some cases, technology adopted for the sake of having the latest and greatest is implemented incorrectly, ...

API Security Need to Know: Lessons Learned From the Peloton Security Incident
By now most have heard about the Peloton data breach incident and no doubt the security team at Peloton is working long, hard hours to pull themselves out of this horrible situation ...

Tales from the Front Lines: How Third-Party APIs Simplify Enumeration Attacks
As a mechanism to offload PCI risks, many retailers are now using third-party credit card processing for their online transactions. The retailer’s benefit is they are no longer handling the credit card ...

API Security Need-to-Know: Ramifications of Weak API Authentication
In today’s blog, we discuss the ramifications of unauthenticated APIs using the recently published ZIPNet vulnerability. ZIPNet is an online application operated by law enforcement authorities in India to share crime ...