Third-Party APIs: How to Prevent Enumeration Attacks
2020-12-23 17:11

When organizations use APIs - the next frontier in cybercrime - to engage with third parties, it's crucial they understand the associated security exposure they're introducing.

At the same time, they're offloading this data to a potentially unsecured third party.

Did offloading to a third party provide a solution or introduce a new problem? How can retailers provide a seamless customer experience while still protecting the critical data with which they're trusted?

Researching this transaction further, I noticed an HTTP-POST of credit-card details, which had been sent to a third party via an API. The response from the third-party API included the token that this particular food retailer will need to use to match this transaction and eventually get paid.

Utilizing a retailer's APIs and third-party APIs, malicious actors can commit this type of fraud at a high speed.


News URL

https://threatpost.com/third-party-apis-enumeration-attacks/162589/