Articles

This week, we have details of compromised Google Cloud accounts (mainly those with weak or no passwords on API connections) being used to mine cryptocurrency, an article on how GraphQL can be used as an API gateway (including security controls), a very comprehensive guide to all things relating to API security, and a new API security training course from AppSecEngineer.

Vulnerability: Compromised Google Cloud Accounts Used to Mine Cryptocurrency

The main story this week comes from HackerNews and describes how attackers are able to exploit improperly secured Google Cloud Platform (GCP) tenants. For affected users, the impact included compromise of their cloud resources, such as the upload of cryptocurrency mining software, as well as ransomware and phishing attacks.

Source of the article on DZONE

Internal APIs are designed primarily to streamline software development and simplify systems and operational processes. These currently represent the vast majority of use cases.

Internal APIs are often overlooked since they are aimed at in-house developers. These types of APIs generally work with proprietary data specific to a company and its departments. Although this data must be protected, it must also be accessible to those who work with it. Internal APIs allow for exactly this kind of secure access, creating more efficient development cycles for their products.

Source of the article on DZONE