API Security Weekly: Issue #104

API Security Weekly: Issue #104

This week, see recent API-related vulnerabilities at Twitter and Grandstream Networks, the newly added support for mutual TLS (mTLS) in AWS API Gateway, and more.

This week, we check out the recent API-related vulnerabilities at Twitter and Grandstream Networks, the newly added support for mutual TLS (mTLS) in AWS API Gateway, and the API security episode in the Application Security Podcast.

Vulnerability: Twitter

A misconfiguration in the Twitter developer portal caused browsers to cache API keys, account access tokens, and account secrets.

It is highly unlikely that the vulnerability has been exploited. Not only would attackers have to had known about the vulnerability, they would also have needed physical access to the computers of their victims. That being said, this flaw could potentially had leaked these secrets on shared computers.

To avoid issues like this one, make sure you never cache any sensitive data on client-side.

Vulnerability: Grandstream Networks

Grandstream Networks is a global provider for IP video and voice services as well as WiFi and related services and equipment, and they operate in over 150 countries around the world.

The about 5 million Grandstream devices and services are managed in their GWN.Cloud management platform. Researchers from Pen Test Partners took a look at the platform and found vulnerabilities in the APIs behind it.

The web UI used an API to change device and network settings. When a user applied chang

security api cybersecurity apis twitter podcast api security newsletter api vulnerabilities aws api gateway

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

API Security Weekly: Issue #101

After the special 100th edition last week, which was all about API security advice from the industry’s thought leaders, this week we are back to our regular API security news, and we have twice the number of them, from the past two weeks.

Top 10 API Security Threats Every API Team Should Know

Learn what are the most important API security threats engineering leaders should be aware of and steps you can take to prevent them

API Security Weekly: Issue #102 - DZone Security

This week, see recent API vulnerabilities at Facebook and the campaing apps for US presidential election, a new book on the OpenAPI Specification (OAS), and more.

API Security Weekly: Issue

This week, look at the recent vulnerability in Cisco Data Center Network Manager, the API aspect of the data breach at MGM Grand Resort, and more.

API Security Weekly: Issue #94

Look at a potential username exposure in WordPress APIs, an upcoming API security training at the Black Hat USA 2020 conference, and more!