API Security Newsletter

Subscribe to the weekly API Security Newsletter

By clicking Subscribe you agree to our Data Policy

Get live news from our Twitter feed

According to a survey by @radware, on average a successful cyberattack these days costs enterprises $1.1 mln in direct costs and $1.67 mln with indirect (52% higher than a year ago); 37% of enterprises reported reputation loss following an attack. https://t.co/ZOYGmOU2kb

According to @NadavAvital from @Imperva threat research team, 264 new API vulnerabilities were reported in 2018 - an increase of 23% from the 214 vulnerabilities reported in 2017. Percentage-wise, this is a smaller increase than the 56% in 2017 from 2016: https://t.co/1q6oc83Dc9

An #OAuth breach in #Fortnite: an old unused subdomain had a misconfigured WAF & SQL injection, and SSO API didn't verify parameters, so @_CPResearch_ could inject an XSS script and steal login tokens from users clicking a link. https://t.co/vTGqEt7JZa

Weekly API Security Newsletter issue #14 is out. Main stories by @noamr / @safetydet, @SkipHovsmith, @dangoodin001 / @arstechnica, @TechJournalist / @eWEEKNews, @bernardh_ / @programmableweb, @PenTestPartners https://t.co/avBNwPCioH

A combination of API vulnerabilities at #Amadeus and #ElAl allowed @noamr from @safetydet to use brute-force enumeration to retrieve airline ticket reservation codes, then extract passenger details, then change reservations. https://t.co/5k1eICswML via @TheHackersNews

Have feedback or a story to share? Get in touch.