It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those vulnerabilities, this incident provides a good reminder that not all vulnerabilities are flaws in code. In fact, this API was…
The Wallarm API Discovery module has been further enhanced to enable customers to identify Orphan APIs and bring them under management. In this post we’ll discuss what Orphan APIs are, why they matter, and how to regain control of your API portfolio. What Are Orphan APIs? Orphan APIs are endpoints that are part of the API specification but that are not requested in an application. This happens for a variety of reasons, such as being…
What’s hiding in the shadows? It’s a well understood reality that unmanaged IT assets tend to be unmonitored IT assets, and that both introduce risk. Whether it’s a forgotten about application, or an unmanaged cloud storage volume, you can’t protect what you don’t know about. Attackers thrive on this fact, and specifically seek out such assets as points of entry. This is why it’s included in the OWASP APIsec Top-10 in the Improper Assets Management…