Security News > 2020 > August > APIs Are the Next Frontier in Cybercrime

Most APIs have /API/V1/login as an authentication endpoint.

With all the possible activity in view, I can search for common misconfigurations or APIs that don't protect user data correctly.

Some organizations publish API documents for third parties, but use the same API endpoints for all users.

The Fix: To make the discovery of your APIs more difficult, ensure your API documentation is gated and controlled with entitlements that only allow access to valid users.

Remember, APIs make attackers more efficient as well as make the use of your system more efficient.

News URL

https://threatpost.com/apis-next-frontier-cybercrime/158536/