View from Peter Lancos, CEO
"Welcome to eXate's Global Data Diaries. This week we will focus on API security and its importance in today’s API-centric world."
Technology advancements have made the entire world available at our fingertips. In just a matter of moments, we are able to access information, make purchases or chat with anyone, anywhere and at anytime. It is APIs that make this possible. Considering the fact that they connect the entire globe, it is no surprise that they exchange large amounts of information. By 2022, API abuses will become the most frequent attack vector, predicts Gartner. For hackers, data exchanged through APIs are the lowest hanging fruit.
Some of the reasons API attacks have increased include:
APIs are pervasive
The value of APIs and Data has risen
There is a lack of API security awareness
Traditional IT security measures do not suffice
Many API catalogues are unknown/ Organisations do not know what APIs they are using
Most APIs are vulnerable to security attacks
Securing the information that is channelled via these APIs is absolutely vital. One of these solutions, the DataSecOps principles, are the brainchild of eXate. These principles target API security at its very core, integrating Data, Security and Operations.
WordPress 5.8.1 security patch, API botnet attacks report, articles on API tokens and API discovery
APISecruity we have details on the security patch in WordPress 5.8.1 fixing an issue on the REST API, a report on the rise of botnet attacks on APIs, an article on everything you need to know about API tokens, and thoughts on API discovery.
AWS CloudFront API: Research reveals ‘leak’ of partial account IDs
Amazon Web Services (AWS), has claimed that a partial data ‘leak’ in an API, discovered by a security researcher, is not a bug but is “expected behavior”.
On July 9, Arkadiy Tetelman, head of application and infrastructure security at Chime, released details of the issue in a blog post, which he said could be used to obtain “partial AWS account IDs for any CloudFront website”.
Judge in UK rules Amazon Ring doorbell audio recordings breach data protection law
A judge in England has ruled that an Amazon Ring doorbell's functions broke the Data Protection Act after a neighbour dispute, over claims of a gang of armed robbers trying to steal an Audi, ended up in court.