Security News > 2021 > July > Coursera Flunks API Security Test in Researchers’ Exam
Coursera states, in its Vulnerability Disclosure Program, that access control issues are a security concern.
API leaks are not uncommon and have been main contributors to major security issues.
Seventy-seven percent of them contained hardcoded API keys - some of which don't expire - that would allow an attacker to intercept API exchange of information.
In his writeup, Silva confirmed that API access control issues are "One of the biggest security problems facing APIs.".
By May 24, 2021, Coursera had resolved all the API issues, including a new one that Checkmarx found and reported in January.
A Coursera spokesperson told Threatpost that "The privacy and security of learners on Coursera is a top priority. We're grateful to Checkmarx for bringing the low-risk API-related issues - which did not expose any personal data of learners, customers, or partners - to the attention of our security team last year, who were able to promptly address and resolve the issues."
News URL
https://threatpost.com/coursera-flunks-api-security-test-in-researchers-exam/167630/
Related news
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries (source)
- The dark side of API security (source)
- WeChat devs introduced security flaws when they modded TLS, say researchers (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite (source)
- Product showcase: Shift API security left with StackHawk (source)
- Germany drafts law to protect researchers who find security flaws (source)