The Latest News On The API Economy
Box APIs support everything from the way that Box and Office365 integrate seamlessly, to the 1,600 third-party applications in our app store. This API-first strategy has been incredibly successful, to the point where more than half of our monthly API calls come from third-party integrations.
Apple has announced that the company plans on launching its first-ever bug bounty program in September. The program will initially be invite only and the company will pay up to $200,000 USD to researchers who discover and report iOS and iCloud bugs and security vulnerabilities.
Dashlane and Google want to simplify security and authentication on Android devices and have an API to do it. App developers can use the new Open YOLO API to access the credentials stored in password managers to log users into apps and services. The idea here is to improve security.
Pokémon Go has become a runaway hit and many developers are showing their enthusiasm for the game by reverse engineering the private, internal Pokémon Go API and creating unofficial third-party apps. The current situation of the Pokémon Go API exemplifies mobile API security concerns.
The rise of fintech was more like an explosion – thousands of new apps suddenly sprung onto the market and fundamentally changed how we interact with our finances and the financial institutions we put in charge of them. While there’s never been a question about whether fintech requires
As Pokemon Go continues its rise in popularity, many developers have reverse engineered the game to publish unauthorized APIs. Niantic has now issued a cease and desist letter to a popular Pokemon Go API developer in an attempt to quash the unauthorized practice. Will threatened legal action work?
A new self-serve risk assessment tool is now available in private beta for API providers who want to test the security robustness around their API architecture and design. The new tool allows entering an API by a variety of means and then testing for common vulnerabilities. Solutions are suggested.
Security researcher Avicoder reported that he uncovered a vulnerability in Twitter's Docker installation housing its Vine source code. The researcher downloaded the entire Vine source code in one of the 80+ server images pulled. Twitter secured the install within 5 minutes, and paid compensation.
Security researchers have discovered a vulnerability in the Swagger ecosystem that could result in the exploitation of Web API endpoints when those endpoints or any SDKs designed to access them are generated from a Swagger-based API description. Malicious remote code execution is the main concern.
Fourteen APIs have been added to the ProgrammableWeb directory in categories including Security, Telephony, Content and Authentication. Featured today are several APIs for threat intelligence provided in the CrowdStrike Falcon Platform. Here's a rundown of the latest additions.
With thousands of Facebook developers pushing code at an average rate of three to four times a day, writing code that is “secure by default” is critical to avoid introducing security vulnerabilities. Although secure by default code is not a new idea, it’s something many developers and
Stampery launched two new services that further its goal to be the de facto notarization provider of the 21st century. A new API and improved certification service (Stamp.io) continue Stampery's use of blockchain technology to digitally verify documents and create secure records of existence.
The growing use of APIs increases the potential security vulnerabilities that expose businesses and users to malicious intent. A recent study undertaken by Ovum and Distil Networks shows that a lack of clarity in who is responsible for API security means not enough is being done to manage the risks.
CrowdStrike Inc. today announced the addition of a broad set of sophisticated and easy-to-use APIs to the CrowdStrike Falcon Platform, along with new development and integration resources, as part of its Spring release of new solutions and services.
Google recently announced version 4 of its Safe Browsing API. The API has already been in production via the Safe Browsing client on Android since December and it specifically focuses on issues associated with mobile browsing. With the new version, Google will deprecate versions 2 and 3.
Facebook has rewarded a 10-year-old boy from Finland with a $10,000 bounty for discovering an authentication-related vulnerability in the Instagram API that could have enabled a hacker to delete comments of any user on the popular social photo sharing service even without an Instagram account.
The latest beta release of Chrome includes support for W3C's Credential Management API. The API allows developers to store and sync sign-in information with a browser's credential manager. Chrome support and integration should cut down on the number of sign-ins required by a user while browsing.
Threat Stack has launched a new Webhook API that customers can use to integrate the Threat Stack Cloud Security Platform with internal applications and third-party monitoring platforms. The Threat Stack Webhook API allows critical alerts to be communicated in real time.
A new study by Ovum and Distil Networks released today shows that a third of all APIs are designed and implemented without any input from an enterprise’s security team. This continues through to management of an API, where there is often disagreement internally over who should manage API security.
Swipebuster is using the private Tinder API to obtain Tinder user data. Swipebuster can find out if a specific person is using Tinder and can provide the most recent date that person used the Tinder app. Other companies that have had private APIs reverse engineered include Uber, SnapChat, and Tesla.