API Security Weekly: Issue 173

This week, we have news of the eye-opening vulnerability on the Coinbase platform which netted a $250,000 bug bounty. There’s also an excellent guide on best practices for authentication and authorization for REST APIs, an article on the growth of bad bots and how to mitigate them, and a fun read from APIHandyman on how to hack the Elgato Key Light API.

Vulnerability: Coinbase API Bug Allowed Unlimited Cryptocurrency Trading

This week’s main news story has been the disclosure of a major vulnerability in an API on Coinbase, a cryptocurrency trading platform. This vulnerability potentially allowed an attacker to make unlimited cryptocurrency trades between different currency accounts.

API Security Issue 155

This week, we have a vulnerability in the BrewDog mobile app exposing users’ PII courtesy of hard-coded bearer tokens, Cisco has announced the arrival of their APIClarity at KubeCon 2021, F5 has published a report on API attacks in Open Banking, and finally, there’s a mega-guide on API security best practices.

Vulnerability: Hard-Coded API Bearer Token in BrewDog Mobile App

5 Things to Do NOW for Apple App Tracking Transparency API

In the past few weeks and months, there has been a lot of talk and controversy around Apple’s new Tracking Transparency API.

The IDFA

The discussions center around access to the Identifier for Advertisers, or IDFA. The IDFA is an ID that allows apps and APIs to uniquely identify a user across multiple apps and websites.