IT Security Guru

Moonpig incident shows "poor state" of API security

by The Gurus
January 9, 2015
in Editor's News

The disclosed API vulnerability in Moonpig is indicative of an area that is poorly documented, insufficiently logged, and routinely overlooked in security testing.
 
According to Trey Ford, global security strategist at Rapid7, APIs have been an area of concern in the cyber security community for years.
 
“An internet exposed API (Application Program Interface) is serving requests from the public internet,” he said. “This is further complicated by different developers using and expanding the API in unexpected ways. Moonpig, like many other organisations should be, is taking a hard look at the security of their APIs.”
 
In an email to IT Security Guru, Ford said that API attacks are inevitable, as it hasn’t yet been 90 days since photos were stolen over the Snapchat API. “Social media and mobile application APIs have been under constant attack as many APIs were never intended to be made publicly available, so they lack the security considerations anyone would expect of a service exposed to the public internet,” he said.
 
“This is further complicated by the fact that APIs have notoriously poor logging, which means companies are often blind to how those services are being used and abused.”
 
Ford also claimed that APIs are harder to test because, unlike a website that can be crawled by a spider following links all over the page, few APIs have well-documented, programmatic definitions. “This means that testing an API can be a time intensive, arduous process requiring the expensive attention of a specialist for each assessment,” he said.
 
Asked if the security of APIs is something that should fall under a vulnerability scan process, and therefore not something that is a regular occurrence, Ford said that testing APIs is considerably harder than testing standard websites, in that identifying the range of functionality and finding all the nooks and crannies in the code can be considerably harder than with a website that is programmatically crawled.
