Secret API Keys add a layer of security to APIs and who can access what functions, but a simple flaw in the common implementation in GitHub leaves many API Keys exposed to external developers. This tutorial by Moshe Shaham explains this error, as well as how to leverage it to find API keys.
Target is on the data breach hot seat again, just two weeks after settling its massive 2013 data breach. This time, an API vulnerability tied to the Target app wishlist functionality led a security firm to easily retrieve personal information from app users. The API requires no authentication.
Private messaging app Confide has launched ScreenShieldKit, an SDK that allows developers to use its anti-screenshot technology in their iOS 10 and 11 apps. ScreenShieldKit can protect text, photos, videos and documents from screenshots taken using a variety of common methods.