The Latest News On The API Economy
Google has announced the general availability of two important API security products. First, the Google reCAPTCHA API is now generally available after years of testing. Second, the Google Web Risk API, which keeps lists of millions of unsafe URLs, is also now generally available and ready for production use.
Appdome and ImmuniWeb have announced a new initiative that aims to find and remediate mobile application security vulnerabilities. The joint initiative, MobileTRUST, is an attempt to provide developers with a simple and reliable solution for rapid application security validation.
Security researchers have identified various vulnerabilities within the SoundCloud API that could have allowed attackers to gain access to user accounts and easily initiate DDoS attacks. Checkmarx Research conducted an investigation into the online social music platform.
A political campaign app designed for the Likud party in Israel has been found to include a basic API flaw that exposed the personal information of almost 6.5 million users. Likud, the party of Israeli prime minister Netanyahu, designed the app to help users receive campaign news and updates.
Twitter recently announced that on December 24, 2019, it became aware of a large network of fake accounts that were abusing the company’s API to match phone numbers to user accounts. Twitter noted that these attacks may be connected to state-sponsored actors from Iran, Israel, and Malaysia.
Yelp recently announced that it will open source its fuzz-lightyear testing framework. Fuzz-lightyear specifically identifies Insecure Direct Object Reference (IDOR) vulnerabilities, which are among the most difficult vulnerabilities for enterprises to systematically defend against.
Google has introduced a new service that aims to centralize, manage, and secure sensitive information like API keys, passwords, certificates, and other important data. Google Cloud Secret Manager is designed to help tackle secret sprawl, a significant barrier to application security.
The CNCF, which is responsible for maintaining Kubernetes, has announced a bug bounty program for the popular open-source container orchestration system. In partnership with Google and HackerOne, the CNCF will offer rewards ranging from $100 to $10,000 to worthy researchers.
Epigen Senior Information Security Architect Trevor Bryant decides it's time to get smart about the art of securing APIs. As it turns out, there's no one-stop shop for getting smart about API security. Bryant retraces his steps as he attempts to become an overnight expert on the topic of API security.
Google announced in December 2019 that it will soon require third-party applications to support OAuth 2.0 as a connection method for access to G Suite data. In June 2020, Google will begin denying access to users who attempt to log in to less secure apps (LSAs).
Check Point Research, a provider of cyber threat intelligence, has published an in-depth review of an analysis they conducted concerning the popular TikTok video-sharing application. This analysis comes on the heels of continued scrutiny of TikTok by the United States government.
Cisco has reported vulnerabilities in the API authentication mechanism of its Cisco Data Center Network Manager (DCNM). The vulnerabilities potentially allow unauthenticated attackers to bypass authentication and execute actions as if they were an administrator. The vulnerabilities are considered critical.
Optimal IdM has announced the release of The OptimalCloud Partner Platform. Three new APIs from Optimal IdM offer unique options to partners and system integrators, including multi-tenant administration and white-labeled user interfaces.
This article is part of a series about Most Clicked, Shared and Talked About APIs that were added to our directory during 2019. Security and Privacy APIs are covered here. The APIs were chosen by our researchers, by popularity according to website traffic, and also by mentions on social media.
Apple has announced an open bug bounty program. Until now, Apple's bug bounty program operated under an invite-only, selected researcher model. The private program only accepted bugs for iOS. The new program is open to all security researchers and covers iPadOS, macOS, tvOS, watchOS, and iCloud.
Medicare and Medicaid's Blue Button API has been taken offline. The API allows third-party applications to access Medicare claims data. On December 4, 2019, an API partner reported "a data anomaly with the Blue Button 2.0 API". The agency expects that fewer than 10,000 beneficiaries are affected.
Seventeen APIs have been added to the ProgrammableWeb directory in categories such as Healthcare, Security, and Networking. Featured are an API for the Alan chat platform, an API for NetFoundry network creation operations, and APIs for Targomo for route planning. Take a look at what is new.
Cloudflare has recently announced the release of a new GraphQL Analytics API that the company sees as the answer to complications caused by a multi-API approach it had used until now. Using the new API customers can access all performance, security, and reliability data from a single endpoint.
StrongSalt, an encryption platform-as-a-service provider, has introduced its Open Privacy API. The API allows developers to add encryption to everyday applications and workflows. The company believes it will do for encryption what Stripe has done for payments and Twilio has done for communications.
Sophos, a cybersecurity solution provider, recently announced the availability of SophosLabs Intelix. The platform conducts threat intelligence and analysis through API calls. The three primary categories under the platform are real-time lookups, static file analysis, and dynamic file lookups.