Phone geolocation company LocationSmart allowed users to look up the real-time location of any supplied mobile phone number without a password or any other authentication. API security leaks such as this are all too common, but what is worrisome is how LocationSmart got this data in the first place.
When programming a web application, security is often a prime concern. If you've read my previous articles, you've often seen me comment on how secure an API is: many of them are pretty secure, but many are not. When you are working on a cool application, security is often something you don't really want to spend much time thinking about, which is why Layer 7 recently released an OAuth toolkit.