Three API security risks in the wake of the Facebook breach (February 2020)
The theft of access tokens represents a major API security risk going forward, and it also highlights how API risks can remain undetected for so long.
API risk is rooted in a lack of visibility, not only into an API's traffic, but also into its flexible and powerful parameters, known as API specifications, or "specs." DevOps and SecOps attempt to mitigate this risk by creating and maintaining API catalogs, which are collections of those specs.
Risks related to unknown or outdated API specifications include the complete absence of an API spec, a loosely defined API spec, or an out-of-spec API call, all of which typically result from rapid development changes.
The risks related to uninspected APIs include lateral attacks launched through compromised servers, encrypted traffic remaining uninspected, and API parameters set outside their critical range, such as sabotaging an industrial IoT device by setting its temperature high enough to make it break down.
Next-generation API security solutions offer the promise of automatically discovering and continuously maintaining API catalogs, for further monitoring and alerting.
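As an added illustration (not code from the article or from any product), the following sketch checks observed API calls against a small catalog and reports the risk categories named above: a missing spec, a loosely defined spec, an out-of-spec call, and a parameter outside its critical range. The endpoints, parameter names and limits are constructed for the example.

```python
# Constructed catalog: endpoints, parameters and limits are hypothetical.
CATALOG = {
    ("PUT", "/devices/thermostat"): {
        "temperature_c": {"type": (int, float), "min": 5, "max": 40},
        "mode": {"type": str, "enum": {"heat", "cool", "off"}},
    },
    # Loosely defined spec: the parameter is declared but carries no constraints.
    ("POST", "/devices/label"): {"text": {}},
}

def audit_spec(catalog):
    """Return (endpoint, parameter) pairs whose spec has no type constraint."""
    return [(ep, name) for ep, params in catalog.items()
            for name, rule in params.items() if "type" not in rule]

def check_call(method, path, params, catalog=CATALOG):
    """Return findings for one observed call; an empty list means in spec."""
    spec = catalog.get((method, path))
    if spec is None:
        return ["no-spec: endpoint is not in the catalog"]
    findings = []
    for name, value in params.items():
        rule = spec.get(name)
        if rule is None:
            findings.append(f"out-of-spec: undeclared parameter {name!r}")
            continue
        expected = rule.get("type")
        # bool is a subclass of int in Python, so reject it for numeric fields.
        if expected and (not isinstance(value, expected)
                         or (isinstance(value, bool) and expected is not bool)):
            findings.append(f"out-of-spec: wrong type for {name!r}")
            continue
        if "enum" in rule and value not in rule["enum"]:
            findings.append(f"out-of-spec: {name!r} not an allowed value")
        low, high = rule.get("min"), rule.get("max")
        if (low is not None and value < low) or (high is not None and value > high):
            findings.append(f"out-of-range: {name!r}={value}")
    return findings
```

A call to the loosely defined endpoint passes `check_call` with any value, which is why `audit_spec` is run over the catalog itself rather than over traffic.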
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/z7YfN0N3A_g/