This week, check out the API aspects of the recent SolarWinds and PickPoint breaches, see a review on how to shift API security left with GitHub and 42Crunch, and more.
The SolarWinds hack reported this weekend was not API-related as such. It was a supply chain attack in which hackers (likely a state actor) managed to add their backdoor to one of the DLL files of SolarWinds’ IT monitoring and management software, Orion. After a dormant period, the malicious code would contact the command and control center (C2) to get further instructions and execute them. This was in turn used against SolarWinds’ customers, including multiple US government agencies.
Attackers opened 2,732 PickPoint package lockers across Moscow. These are lockers that customers can use to pick up the goods that they buy online.
Learn which API security threats are the most important for engineering leaders to be aware of, and the steps you can take to prevent them.
After the special 100th edition last week, which was all about API security advice from the industry’s thought leaders, this week we are back to our regular API security news, and we have twice the number of them, from the past two weeks.
This week, look at the recent vulnerability in Cisco Data Center Network Manager, the API aspect of the data breach at MGM Grand Resort, and more.
We just released GraphQL scanning support to ensure that you can ship secure GraphQL APIs. We'll jump into the specifics of the solution and follow up with a demo, but first let’s do a quick overview of the GraphQL specification. This is a unique space with an interesting set of challenges.
How to set up Elasticsearch and Kibana for User Behavior Analytics (UBA) in API Security Monitoring — Accurately identify API security vulnerabilities. Let's learn how to properly leverage Elasticsearch and User Behavior Analytics for API security.