API Security

A Case for Securing API Actions. What Words of Wisdom Two Thousand Years Ago Can Teach Us About APP Security

A Case for Securing API Actions. What Words of Wisdom Two Thousand Years Ago Can Teach Us About APP Security

Confucius taught us more than 2000 years ago: “Listen to his claims, but watch his actions.” Things are not what they claim to be. Such words of wisdom speak volume in light of the most recent Facebook access token leak.  

According to one of Facebook’s blog, a large number of access tokens were potentially stolen by hackers due to vulnerabilities in the “View As” feature. Facebook executives offered more details according to this TechCrunch report.

Toppling the App Jenga Tower – Pulling the API Parameter Piece

Toppling the App Jenga Tower – Pulling the API Parameter Piece

Today’s enterprise applications very much resemble the tower with a myriad of services and their instances each glued together by APIs much like the wooden blocks. Un-aware to the enterprise is the fact that it doesn't take much for an adversary to break these APIs if they know the right piece to pull. One such piece is the API parameter. The entire App Tower would sometimes crumble when a single piece is pulled, as in the case of Fiserv Inc. flaw. Even the prestigious Blackhat conference was shown to be vulnerable