US Postal Service Left 60 Million Users Data Exposed For Over a Year

The United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website.

The U.S.P.S. is an independent agency of the American federal …

Countering threats: Steps to take when developing APIs

High-profile data breaches resulting from faulty APIs continue to make headlines. In the last few months alone, T-Mobile’s data breach resulted in hackers stealing personal data of more than two million customers while Google shut down the consumer vers…

Bring visibility to shadow APIs and ensure that security standards are being met

Last week Data Theorem introduced the industry’s first automated API discovery and security inspection solution aimed at addressing API security threats introduced by today’s enterprise serverless and microservices applications. We took this opportunit…

Three C-Words of Web App Security: Part 2 – CSRF

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, …

The end of Google+: Low usage and an API bug that exposed user data

Google has announced that it will be closing down the consumer version of Google+, its failed answer to Facebook, and is introducing more granular Google Account permissions, new limits for third-party apps that seek permission to access users’ G…

Most organizations believe hackers can penetrate their network

Radware released findings from its second annual web application security report, Radware 2018 State of Web Application Security. The report shares an in-depth view of the challenges organizations face in protecting web applications and how recent secu…

APIs: The Trojan horses of security

At the moment, the emphasis within the cybersecurity industry tends to be on securing networks with perimeter-based protection; however, leaving an application endpoint unsecured means an application programming interface (API) can serve as a gateway t…

Building an Effective API Security Strategy: Easy If You Have the Right Tools

In their approach to application programming interface (API) security, organizations exposing web APIs must balance ease of access with control. Like the bank robber attacking banks because “that’s where the money is,” the use of APIs…