Understanding cyber threats to APIs

2020-06-05 04:00

The many benefits that APIs bring to the software and application development communities - namely, that they are well documented, publicly available, standard, ubiquitous, efficient, and easy to use - are now being leveraged by bad actors to execute high profile attacks against public-facing applications.

The security conundrum for APIs is that whereas most practitioners would recommend design decisions that make resources more hidden and less available, successful deployment of APIs demands willingness to focus on making resources open and available.

APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface level access control issue.

As exemplified by the OWASP list, the cyber security community is beginning to identify many familiar, canonical issues that emerge in the use of APIs for public-facing applications.

If successful, the bad actors could attempt to commit financial fraud by transferring funds across the Open Funds Transfer API. OFX, of course, is the industry standard API for funds transfer within the financial services community, and as such the APIs are publicly-available and well-documented to facilitate use.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/pkT_0OsPZOQ/

#API #threat