This week, we take a look into API vulnerabilities found in Tinder and Axway SecureTransport. In other news, FTC and Equifax have reached a settlement related to the 2017 breach, and the slides for an API security talk have been posted.

Vulnerability: Tinder

Sanskar Jethi has found that Tinder enforces its premium features (such as unblurred images of those who like you) to be available for premium membership only in the app, not in the API. Their API actually delivers regular, unblurred images to everyone.

Source de l’article sur DZONE