Security Zeitgeist: Unprotected APIs are at high-risk and should be protected by enforcing API Security Policies


api security Authors: Elizabeth White, SmartBear Blog, Mamoon Yunus, Stackify Blog, Pat Romanski


API Security - From the Kardashians to OAuth 2.0 in two easy steps

If you've been keeping up with the Kardashians, you may have heard of their API breach which exposed the names and email addresses of 600,000 users. 

Kevin Montgomery at Wired covered the story last month, and noted that "Hacking into Private APIs isn't hard to do". As he notes:
Many tech heavyweights, including Tesla, Airbnb, Uber, and Tinder, have seen private APIs reverse engineered. This usually leads to small headaches, like seeing scores of developers build Tinder bots that automatically “swipe right” on every profile. But sometimes supposedly private APIs expose sensitive user information and data.
So what can be done about API Security issues? On October 27, I'll be (virtually) sitting down with API security expert Gunnar Peterson as he explains how APIs are vulnerable to attack, and what you can do to protect against these threats. We'll be talking about API Keys, the OWASP Top Ten, and, yes, OAuth 2.0. Depending on where you are in the world, join us at either of the times below:

Taking the Threat Out of APIs:
Top 10 Threat Protection Best Practices for API Security 
Tuesday, October 27, 2015

Gunnar Peterson, Arctec Group


More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.