In the latest edition of API Security Weekly, learn about the API token format, penetration testing in GraphQL and API Mindmap, and Kiterunner.
Best Practices: API Token Format

API keys can be or look like pretty much anything. And like any other means of authentication, they are very sensitive if they leak out and fall into the wrong hands.
Designing API tokens that follow unique patterns is one of the security best practices gaining traction lately. This enables tools that can detect these API keys, for example, in code repositories or logs, and can thus prevent leaks.
After the special 100th edition last week, which was all about API security advice from the industry’s thought leaders, this week we are back to our regular API security news, and we have twice as much of it, covering the past two weeks.
This week, look at the recent vulnerability in Cisco Data Center Network Manager, the API aspect of the data breach at MGM Grand Resort, and more.
Learn which API security threats are the most important for engineering leaders to be aware of, and the steps you can take to prevent them.
This week, see recent API-related vulnerabilities at Twitter and Grandstream Networks, the newly added support for mutual TLS (mTLS) in AWS API Gateway, and more.
This week, see how the Twitter API erroneously allowed browsers to cache sensitive data and how skimmers have found a way to use Google Analytics APIs to get their hands on credit card data.