API Security Weekly: Issue #133

This week, we take a look at the API vulnerabilities discovered at Peloton, how India is locking down the APIs for their COVID vaccination portal, how API contracts can be generated from .NET code, and what API security sessions the upcoming RSA Conference (RSAC) offers.

Vulnerability: Peloton

Peloton is a producer of popular treadmills and stationary bicycles, as well as a subscription service for training on the equipment. Jan Masters from Pen Test Partners found that the APIs behind the service were highly vulnerable and leaking personal user data.