Security News > 2020 > February > Three API security risks in the wake of the Facebook breach
The theft of access token represents a major API security risk moving forward, but also highlights how API risks can remain undetected for so long.
API risk is rooted in a lack of visibility, not only into its traffic, but also into its flexible and powerful parameters, known as API specifications-or "Specs." DevOps and SecOps attempt to mitigate this risk by creating and maintaining API catalogs, which are a collection of its specs.
Risks related to unknown or outdated API specifications include a complete absence of an API spec, a loosely-defined API spec, or an out-of-spec API call, which typically result from rapid development changes.
The risks related to uninspected APIs include launching lateral attacks through compromised servers, encrypted traffic remaining uninspected and API parameters set out of critical range-such as sabotaging an industrial IoT device by setting its temperature high enough to break down.
Next-generation API security solutions offer the promise of automatically discovering and continuously maintaining API catalogs, for further monitoring and alerting.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/z7YfN0N3A_g/
Related news
- 35% of exposed API keys still active, posing major security risks (source)
- National Public Data confirms breach exposing Social Security numbers (source)
- Common API security issues: From exposed secrets to unauthorized access (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- Russian security firm Dr.Web disconnects all servers after breach (source)