Articles

This week, we check out a recent API vulnerability in Twitter. In addition, it looks like API vulnerabilities are a bit of a theme in apps by political parties: vulnerabilities were discovered in apps by Israel’s Likud and the Democratic Party in the USA. We also have two API security talks: one recorded and one upcoming webinar.

Vulnerability: Twitter

Twitter has disclosed a recent API exploit. API endpoints meant to make it easier to find friends on Twitter by their phone numbers were abused, possibly by state-sponsored actors, to mine accounts by mapping them to phone numbers. Detecting and throttling the exploit was hard because the phone numbers were not sequential and the attackers used multiple accounts and IP addresses.

Article source: DZONE

This week, we take a look into API vulnerabilities found in Tinder and Axway SecureTransport. In other news, FTC and Equifax have reached a settlement related to the 2017 breach, and the slides for an API security talk have been posted.

Vulnerability: Tinder

Sanskar Jethi has found that Tinder restricts its premium features (such as unblurred images of those who like you) to premium members only in the app, not in the API. The API actually delivers regular, unblurred images to everyone.

Article source: DZONE
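
The Tinder item above describes a premium restriction applied only in the app. The following sketch is an added example, not code from the article or from Tinder: it contrasts a "likes" response that relies on the client to blur with one where the server checks the entitlement first. All field names, URLs and the key are hypothetical, constructed values.

```python
import hashlib
import hmac

# Constructed sample data; every field name, URL and key here is hypothetical.
SERVER_KEY = b"constructed-demo-key"
LIKES = [
    {"user_id": "u1", "name": "Alex", "photo_url": "https://img.example/u1/full.jpg"},
    {"user_id": "u2", "name": "Sam", "photo_url": "https://img.example/u2/full.jpg"},
]


def likes_client_enforced(viewer):
    """Flawed: the API returns full records and trusts the app to blur them."""
    return [dict(like, blur_in_app=not viewer["premium"]) for like in LIKES]


def blurred_url(like):
    """URL of a pre-blurred asset; the token is keyed, so it does not reveal user_id."""
    token = hmac.new(SERVER_KEY, like["user_id"].encode(), hashlib.sha256).hexdigest()[:16]
    return f"https://img.example/blurred/{token}.jpg"


def likes_server_enforced(viewer):
    """Hardened: entitlement is checked before the response is built."""
    if viewer["premium"]:
        return [dict(like) for like in LIKES]
    # Free tier: only the blurred asset, no identifying fields at all.
    return [{"photo_url": blurred_url(like)} for like in LIKES]


def leaks_premium_data(response):
    """True if any original photo URL, user id or name appears in the response."""
    secrets = {value for like in LIKES for value in like.values()}
    return any(value in secrets for item in response for value in item.values())


if __name__ == "__main__":
    free = {"premium": False}
    print("client-enforced leaks:", leaks_premium_data(likes_client_enforced(free)))
    print("server-enforced leaks:", leaks_premium_data(likes_server_enforced(free)))
```

A check like `leaks_premium_data` can run as an API-level regression test against the raw response, which is where this class of flaw is visible; testing through the app alone would not reveal it.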