Leaky API

Toppling the App Jenga Tower – Pulling the API Parameter Piece

Today’s enterprise applications very much resemble a Jenga tower: a myriad of services and their instances, each glued together by APIs, much like the wooden blocks. Unbeknownst to the enterprise, it doesn't take much for an adversary to break these APIs if they know the right piece to pull. One such piece is the API parameter. Sometimes the entire app tower crumbles when a single piece is pulled, as in the case of the Fiserv Inc. flaw. Even the prestigious Black Hat conference was shown to be vulnerable