It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those vulnerabilities, this incident provides a good reminder that not all vulnerabilities are flaws in code. In fact, this API was…
The Wallarm API Discovery module has been further enhanced to enable customers to identify Orphan APIs and bring them under management. In this post we’ll discuss what Orphan APIs are, why they matter, and how to regain control of your API portfolio. What Are Orphan APIs? Orphan APIs are endpoints that are part of the API specification but that are not requested in an application. This happens for a variety of reasons, such as being…
Shadow APIs can be defined as active endpoints that you are not aware of. Some APIs are deployed but never documented. Others are services that don’t have an owner anymore. Some are even old v2 versions that have been deprecated for years, yet still exposed. Long story short: these APIs are not documented and not in the API catalog. Yet, they pose a real threat as they can be vulnerable. What we see as a trend…
What do you know about your APIs? Why are the vulnerable v2 and v3 still exposed if they are deprecated for almost a year? What else is exposed and you don’t even know? Are Swagger specs up to date? (Teaser: Surely not). A lot of questions, right? Meet Wallarm’s latest feature for API Discovery and Observability to better understand and protect your APIs in cloud-native environments – API Security Platform. What is Wallarm API Discovery?…