Issue 263: Trellix & Aviatrix API exploits, API risks in education, API configuration bugs & secure coding practices

This week, we have an interesting article on the dangers of API integrations in the education sector, and we cover recent incidents involving API vulnerabilities in two popular security platforms from Trellix and Aviatrix. We highlight a recent article by NordicAPIs on API misconfiguration vulnerabilities, and we share a useful list of recommended coding practices […]

Issue 262: API incidents in Invoice Ninja, McDonald’s & Truecaller apps, JetBrains survey, Postman data leaks

This week, we examine three recent API security incidents, uncovering valuable lessons to help you protect your APIs. We also highlight key insights from JetBrains’ comprehensive developer survey, and explore an article on how teams inadvertently leak API keys and tokens through their Postman workspaces and what you can do about it. Breach: Black-listing fails […]

Issue 254: WhatsApp and IBM WebMethods vulnerabilities, 3rd-party API and LLM risks, API access controls

This week, we investigate a recent flaw in WhatsApp’s View Once privacy feature and critical vulnerabilities reported in the IBM WebMethods integration platform. We highlight a NordicAPIs article on the risks from third-party APIs and LLMs, and an article on solving the challenges of fine-grained access control for APIs. There’s also an interesting webinar […]

Issue 246: Critical flaw in API portal, securing GraphQL, building bulletproof APIs

This week, we have news of a critical flaw in a popular API portal. We also have guides on securing GraphQL APIs and building bulletproof APIs, and news of a new deliberately vulnerable API application. There is also an article on why fraud detection and API security must converge. Dana Epp wraps things up with […]
