Posted on

API Security Weekly: Issue 167

This week, we have a long-standing vulnerability on a public-facing internal API on Uber, which allowed attackers to spoof emails. In addition, there’s an article by NordicAPIs on the RapidAPI report on the rise of partner-facing APIs, IBM’s views on the API security risk posed by the growth in omnichannel APIs, and finally (another) awesome API security mega guide.

Vulnerability: Uber Bug Allows Attackers to Spoof Emails

ThreatPost featured details of a vulnerability on a public-facing internal API on Uber allowing attackers to spoof emails so that they would appear to be from Uber.

Posted on

STRIDE Threat Modeling: What You Need to Know

Threat modeling is the ultimate shift left approach. It can be used to identify and eliminate potential vulnerabilities before a single line of code is written. Employing threat modeling methodologies should be your first step toward building networks, systems, and applications that will be secure by design.  STRIDE is a model of threats that can be used as a framework in ensuring secure application design.

STRIDE - Threat Modeling Methodology

STRIDE threat modeling

Posted on

REST API Security Vulnerabilities

Simple, schematic, faster to develop, and quick deployments make APIs so popular and widely used. So, naturally, it brings various challenges to maintain its implementations and keep them secured from various threats, such as Man-in-the-Middle attacks, lack of XML encryptions, insecure endpoints, API URL parameters, and so on.

REST API has similar vulnerabilities as a web application. In this article, we will present a few common API vulnerabilities that every developer should be aware of and on the lookout for in their code.