This week, we check out the recent API-related vulnerabilities at Twitter and Grandstream Networks, the newly added support for mutual TLS (mTLS) in AWS API Gateway, and the API security episode in the Application Security Podcast.
A misconfiguration in the Twitter developer portal caused browsers to cache API keys, account access tokens, and account secrets.
It is highly unlikely that the vulnerability has been exploited. Not only would attackers have had to know about the vulnerability, they would also have needed physical access to their victims' computers. That being said, this flaw could potentially have leaked these secrets on shared computers.
To avoid issues like this one, make sure you never cache any sensitive data on the client side.
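The point above is that any API response carrying keys or tokens must tell the browser not to store it. The following is an added example (not code from the original post or from Twitter) that audits response headers per RFC 7234 and reports whether a browser or shared cache may write the body to disk; the sample responses are constructed.

```python
"""Audit whether an HTTP response carrying secrets may be stored by a
browser or intermediary cache. Sample responses below are constructed."""


def parse_cache_control(value):
    """Parse a Cache-Control header value into {directive: argument|None}.
    Directive names are case-insensitive; quoted arguments are unquoted."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if part:
            name, _, arg = part.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def storable_by_cache(headers):
    """Return (storable, reason) following RFC 7234 section 3.

    Only the no-store directive forbids a cache from writing the response
    to storage. no-cache, max-age and Expires only control when a stored
    copy must be revalidated; the body can still land on disk, which is
    exactly what exposes a secret on a shared computer.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control"))
    if "no-store" in cc:
        return False, "Cache-Control: no-store forbids storage"
    if "no-cache" in cc:
        return True, "no-cache only forces revalidation; body may be stored"
    if "max-age" in cc or "s-maxage" in cc or "expires" in lowered:
        return True, "explicit freshness lifetime lets the body be stored"
    return True, "no caching directives; heuristic caching applies"


# Constructed samples of a developer-portal endpoint returning API keys.
SAMPLE_RESPONSES = {
    "keys-misconfigured": {"Content-Type": "application/json",
                           "Cache-Control": "private, max-age=600"},
    "keys-no-cache-only": {"Cache-Control": "no-cache"},
    "keys-hardened": {"Content-Type": "application/json",
                      "Cache-Control": "no-store"},
}


def audit(responses):
    """Return the names of responses whose secret-bearing body may be stored."""
    return [name for name, hdrs in responses.items() if storable_by_cache(hdrs)[0]]


if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(name, storable_by_cache(hdrs))
```

Note that `no-cache` is the classic mistake: it permits storage and only requires revalidation, so `no-store` is the directive secret-bearing endpoints need.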
Grandstream Networks is a global provider of IP video and voice services as well as WiFi and related services and equipment, and they operate in over 150 countries around the world.
Roughly 5 million Grandstream devices and services are managed through their GWN.Cloud management platform. Researchers from Pen Test Partners took a look at the platform and found vulnerabilities in the APIs behind it.
The web UI used an API to change device and network settings. When a user applied chang
After the special 100th edition last week, which was all about API security advice from the industry’s thought leaders, this week we are back to our regular API security news, and we have twice the number of them, from the past two weeks.
Learn which API security threats engineering leaders should be most aware of, and the steps you can take to prevent them.
This week, see recent API vulnerabilities at Facebook and the campaign apps for the US presidential election, a new book on the OpenAPI Specification (OAS), and more.
This week, look at the recent vulnerability in Cisco Data Center Network Manager, the API aspect of the data breach at MGM Grand Resort, and more.
Look at a potential username exposure in WordPress APIs, an upcoming API security training at the Black Hat USA 2020 conference, and more!