Security News

Bots are lurking in your zombie and shadow APIs
2021-11-18 06:35

Zombie APIs commonly arise when old and less secure versions of your APIs are left to live another day. For some reason, finding shadow and zombie APIs seems to be a much easier task for bad actors than it is for internal security and risk teams.

API sprawl: A threat you might want to address later, but you can’t ignore it
2021-11-09 06:00

Continuous software development results in the frequent release of new API versions. API sprawl introduces significant operational and security challenges.

Our journey to API security at Raiffeisen Bank International
2021-11-04 06:21

This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. We've got an API security course and cloud security course to deepen our security-related knowledge in these domains.

Predicting the Next OWASP API Security Top 10
2021-11-03 17:05

API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.

Only 2% of IT practitioners are confident in their organization’s ability to reduce API security issues
2021-11-03 04:00

API security issues: Enterprises must apply a zero trust approach. The findings revealed that only a staggering 2% of enterprise IT practitioners in these industries feel completely confident in their organization's ability to reduce API security issues such as unauthorized access, data privacy, compliance risk and security threats.

Financial services need to prioritize API security to protect their customers
2021-11-01 04:30

Whether pursued as a compliance requirement or a business strategy, open banking has ignited financial services firms to focus on APIs and API security. Financial services API security issues: 54 of the 55 mobile apps that were reverse engineered contained hardcoded API keys and tokens including usernames and passwords to third-party services.

Sensitive data of 400,000 German students exposed by API flaw
2021-10-28 07:03

Approximately 400,000 users of Scoolio, a student community app widely used in Germany, had sensitive information exposed due to an API flaw in the platform. Scoolio is a German student community app that aims to build better time management skills, tutoring, homework planning, and group chats to network with peers.

API attacks are both underdetected and underreported
2021-10-28 04:30

Often, API security is relegated to an afterthought in the rush to bring them to market, with many organizations relying on traditional network security solutions that are not designed to protect the wide attack surface that APIs can introduce. "From broken authentication and injection flaws, to simple misconfigurations, there are numerous API security concerns for anyone building an internet-connected application," said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report.

NPM packages disguised as Roblox API code caught carrying ransomware
2021-10-27 20:43

Security firm Sonatype on Wednesday said it had spotted two related malicious NPM libraries that were named so they might be mistaken for a popular legitimate module that serves as a Roblox API wrapper. Js, a Roblox game API wrapper available on NPM and as a standalone download. Roblox is a gaming platform with more than 40 million daily active users.