The latest news on the API economy
Google recently announced version 4 of its Safe Browsing API. The API has already been in production via the Safe Browsing client on Android since December and it specifically focuses on issues associated with mobile browsing. With the new version, Google will deprecate versions 2 and 3.
Facebook has rewarded a 10-year-old boy from Finland with a $10,000 bounty for discovering an authentication-related vulnerability in the Instagram API that could have enabled a hacker to delete comments of any user on the popular social photo sharing service even without an Instagram account.
The latest beta release of Chrome includes support for W3C's Credential Management API. The API allows developers to store and sync sign-in information with a browser's credential manager. Chrome support and integration should cut down on the number of sign-ins required by a user while browsing.
Threat Stack has launched a new Webhook API that customers can use to integrate the Threat Stack Cloud Security Platform with internal applications and third-party monitoring platforms. The Threat Stack Webhook API allows critical alerts to be communicated in real time.
A new study by Ovum and Distil Networks released today shows that a third of all APIs are designed and implemented without any input from an enterprise’s security team. This continues through to management of an API, where there is often disagreement internally over who should manage API security.
Swipebuster is using the private Tinder API to obtain Tinder user data. Swipebuster can find out if a specific person is using Tinder and can provide the most recent date that person used the Tinder app. Other companies that have had private APIs reverse engineered include Uber, SnapChat, and Tesla.
The recent debate surrounding Apple’s defiance of the FBI’s request to provision a back door into an iPhone has done something that few other news events could have done; it significantly raised the general public’s awareness of the degree to which Apple has gone to protect the privacy of its cus
So far, this article has primarily focused on the extent to which a smartphone's fingerprint reader can be used to secure the device or provide convenience to the end user. But, does the absence of an AND/conjunction approach for unlocking the device also mean that AND/conjunction is not available
Application security is often overlooked. Perhaps this is due to a lack of understanding, or perhaps a focus on features and aesthetics is more alluring for developers. A modest data breach can render valuable data vulnerable, and can cripple customer trust in your application.
A new company, Secful, aims to help companies identify attacks against their APIs and respond in an automated fashion with a "custom-tailored" security-layer. According to the company, existing security solutions don't sufficiently protect APIs and often fail to detect attacks before it's too late.
As we turn more to the Cloud, Big Data, and the Internet of Things to help run our lives, we’re seeing a rise in Cybercrime; colleges and universities are no exception. In February of this year, over 63,000 students at the University of Central Florida had their sensitive personal data exposed.
GitHub has added several new features to the platform to help make code reviews even faster and more flexible for developers and development teams. The new code review features include pull request files list, commits list, comments with deeper context, and timeline indicator.
The Run in Postman Button is now live for over 10 public APIs including Apigee, Best Buy, GoSquared, and Transport for London (TfL). The Run in Postman Button allows API publishers to provide one-click testing of their public APIs by adding an embed code in their API documentation.
Apperian Inc. has released a set of RESTful APIs opening up the Apperian platform to current customers and partners. The APIs provide platform functionality that can be used for programmatically enabling application onboarding, inspection, signing, distribution, analytics, and more.
The way the Square API delivers JSON output makes it possible for an attacker to engage in cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on HackerOne.
Two security researchers discovered insecure, authentication-less APIs that made the world's best-selling electric car, the Nissan LEAF, vulnerable to hackers who could obtain private information about a vehicle's operations and travels and even control key vehicle functions.
This is the introduction to ProgrammableWeb’s series on Understanding the Realities of API Security. It is taken from the overview of David Berlind's written testimony to the ONC's API Security and Privacy Task Force. The testimony is based on two years of research into a number of API attacks.
This is the first part of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part looks at how the external availability of APIs can impact their security.
This is part two of ProgrammableWeb’s series on Understanding the Realities of API Security. It is taken from the overview of David Berlind's written testimony to the ONC's API Security and Privacy Task Force. This article looks at the decision whether to make API documentation publicly available.