As we are wrapping up 2018, you can’t help looking back at the record number of high profile API breaches that happened this year and wondering what can be expected next year. However, it is not all about the holiday mood: this week was also marked by a security hole in mutual TLS authentication in the Go language, XSS at Google Code-in, another Facebook glitch, hundreds of vulnerable Kubernetes deployments, and an announcement of the upcoming healthcare API standards in the US.
The big one this week is the mutual TLS authentication issue in the Go language. The vulnerability that got fixed this week allowed attackers to launch CPU DoS attacks. With Go being one of the most popular programming languages in the microservices and backend implementation world and mutual TLS is one of the most popular security mechanisms, the impact of the vulnerability is significant.