Security News > 2020 > February > Three API security risks in the wake of the Facebook breach

Three API security risks in the wake of the Facebook breach
2020-02-17 06:30

The theft of access token represents a major API security risk moving forward, but also highlights how API risks can remain undetected for so long.

API risk is rooted in a lack of visibility, not only into its traffic, but also into its flexible and powerful parameters, known as API specifications-or "Specs." DevOps and SecOps attempt to mitigate this risk by creating and maintaining API catalogs, which are a collection of its specs.

Risks related to unknown or outdated API specifications include a complete absence of an API spec, a loosely-defined API spec, or an out-of-spec API call, which typically result from rapid development changes.

The risks related to uninspected APIs include launching lateral attacks through compromised servers, encrypted traffic remaining uninspected and API parameters set out of critical range-such as sabotaging an industrial IoT device by setting its temperature high enough to break down.

Next-generation API security solutions offer the promise of automatically discovering and continuously maintaining API catalogs, for further monitoring and alerting.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/z7YfN0N3A_g/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 29 0 11 46 54 111