The Latest News On The API Economy
The Google Drive API makes it possible for developers to add Google Drive file access to their own apps. Well, Google plans to retire the Google Drive Android API next year and replace it with the Google Drive REST API. Get ready to migrate your apps before December 6, 2019.
The CVE-2018-1002105 bug was recently reported for many versions of Kubernetes. The flaw allowed for both the swiping of sensitive information and the injection of malicious code. The fix requires an upgrade to the latest version. No malicious use of the hole has been reported to date.
Ping Identity announced a public preview of its PingOne for Customers. The platform allows developers to offload the growing number of identity services to Ping Identity, instead of managing such services on their own. Current services include registration, login, profile management, and more.
Ten APIs have been added to the ProgrammableWeb directory in categories including Podcasts, Location, and Machine Learning. Featured today is the GitHub Security Advisory API, two APIs for Mapfit, and an API for obtaining FEMA flood zone data. Here's a rundown of the latest additions.
Attackers know that API calls originating from inside an app are a blueprint for the infrastructure inside your data center. Further, they can use those same API calls to hide their malicious purposes, like a Trojan horse ready to slip through the front door. Apps are the new emerging threat vector.
The United States Postal Service confirmed recently that they have patched an API issue which exposed the account details for up to 60 million users. Additionally, in some cases, the vulnerability could have allowed hackers to modify other users’ account details.
Squarelink, an access tool for blockchain apps and services, has launched along with its public REST API. The API lets blockchain applications retrieve transactions, data, and user account information upon permission by the user. The startup also plans on releasing open source client SDKs soon.
Google has evolved its bot-detecting reCAPTCHA API again. reCAPTCHA v3 goes beyond distorted text and identifying signals. v3 monitors a site user's interaction with a site and provides a score to the site owner/developer. The developer can use the risk score to evaluate needed actions.
Docker vulnerabilities have been the source of malicious attacks for years. A new trend in attacking Docker containers is to identify an unsecured Docker API, launch a new container, and use the container to start mining cryptocurrency. Trend Micro has identified an attacker looking for weaknesses.
Data Theorem, developer of application security systems, has announced two new solutions for API security analysis, API Inspect and API Discover. Both tools aim to help customers gain greater visibility into the status of their applications' overall API security.
APIs, via B2B partnerships and B2C applications, can increase a company’s reach and make digital assets and services available to broader audiences. There are dangers posed by the adoption of insecure APIs in the enterprise. Hence, businesses need a strategy for building and operating secure APIs.
GitHub has just announced that they are launching a Security Advisory API that will provide data on vulnerabilities aggregated from millions of projects. Programmatic access to security advisories should allow developers to more proactively address issues.
Microsoft took its next step in protecting user data by making two products available for public preview under the confidential computing project. The DC-series virtual machines and Open Enclave SDK have completed private betas and are ready for public preview. The goal is to protect data in use.
Rapid7 has announced API access to its InsightAppSec security solution. InsightAppSec is a security suite based on Dynamic Application Security Testing (DAST). Prior to the API, usage of the DAST features was limited to the UI options offered by Rapid7. Now, developers can get more granular.
Google announced yesterday that it is shutting down the consumer version of Google+. The news came alongside the reveal of an API vulnerability discovered earlier this year. The company will provide 10 months for users to download their content.
Facebook discovered a security attack that potentially compromised 50 million user accounts in late September. While Facebook has now reported that the actual effect was minimal, the company has released a tool that helps app developers understand whether their users were affected or not.
What happens when you are ready to take your API from a small subset of users to something more open? What are the things you want to make sure are locked down tight before rolling out an open API program? James Higginbotham offered some tips for making sure your API is ready.
Earlier this week GitLab announced the release of security updates aimed at fixing various flaws found in previous iterations. One issue was an insecure direct object reference that exposed confidential issues within all public projects, via the Events API.
Google has bolstered the capabilities of its Android Management API with new work profiles and mobile device support. This makes the API a more well-rounded tool for businesses to take advantage of when provisioning and managing Android devices deployed across their enterprise.
A few weeks ago, Twitter reported a bug related to its Account Activity API. Twitter has since investigated the matter with potentially affected partners and taken remediation efforts. Now, Twitter has reported the exact requirements for the bug to have potentially affected partners.