Tag: API Attacks
JWT brings performance to identity assertion and is being widely adopted, but it’s also garnering the attention of cybercriminals. Source link lol
Read MoreOn Tuesday, December 8th, 2020, FireEye, a leading cybersecurity firm used by governments and companies for penetration testing and forensic services announced that it had been the target of an attack by nation-state actors “with top-tier offensive capabilities,” and that a suite of tools used by FireEye for penetration testing had been stolen. What do…
Read More
APIs and Sectors As more APIs are published, both by large enterprises who want to make their data more available (such as Google) and by smaller, industry-specific organizations hoping to generate value, some interesting industry patterns are also emerging. Of the organizations for which we had sector information, social networking organizations made up the largest…
Read MoreSo How Good Are Sectors for Predicting Risk? Based on these analyses, it appears that the answer is “not bad, but it depends.” On one hand, we can identify specific patterns that seem to map to characteristics about those sectors. We already knew that the Retail Trade sector is heavily targeted by attacks that are…
Read MoreAPIs Power Applications—and Pose Security Challenges Application programming interfaces (APIs) form the chassis for modern applications. They are interfaces to software components that developers use to integrate valuable information into their applications (like Google Maps in a rideshare app or YouTube videos into a webpage) and they are everywhere—even in security products. APIs are key…
Read MoreIntroduction In part one of this two-part series, we explained what web APIs are and how they work. In this article, we look at how APIs can pose risks to your data and infrastructure—and what you can do to secure them. In part one, we learned that web APIs (application programming interfaces) provide a way…
Read MoreAs you can see in Figure 1, six out of the 29 identified CVEs constituted the vast majority (96.7%) of the traffic, so much of our analysis is focused on them. CVE-2017-9841 was the most frequently targeted for the entire six-month period, fluctuating slightly but never enough to fall from the top spot. Below that,…
Read MoreFrom January to April 2023, Healthcare had the highest levels of unwanted Web automation. However, this automation saw a significant decrease in May 2023 before rebounding in June. The Hospitality industry has seen a steady increase in automation starting off as the eighth most targeted industry in January 2023 with 11.7% automation. This peaked in…
Read MoreIntroduction Much of the activity on the internet is automated, and quite a lot of it is specifically due to bots. Bots can be used for many purposes, but in this series of articles we’ll be looking at bots that create and use fake accounts. This first article looks at the motivations behind fake account…
Read MoreIntroduction Black Friday is a popular shopping event throughout the United States of America and around the world. During Thanksgiving weekend and Cyber Monday (the Monday after Thanksgiving), thousands of companies offer steep product discounts that are not available at any other time, and consumers rush to buy these items while they are available. This…
Read More