This is the first part of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part looks at the actual security concerns surrounding APIs.
Security researchers have discovered a vulnerability in the Swagger ecosystem that could result in the exploitation of Web API endpoints when those endpoints or any SDKs designed to access them are generated from a Swagger-based API description. Malicious remote code execution is the main concern.
We start your week off with a review of the stories we couldn’t cover in the world of APIs. Included are Apple’s announcement of the WebCrypto API (its effort to bring native cryptography to web browsers), AnchorFree’s SDK for preserving net neutrality, and the latest API for Bitbucket Cloud.