What does ChatGPT know about API Security?
There is no doubt that you have heard about and seen OpenAI's latest brilliant creation, ChatGPT. It can write poems, speak many languages, answer questions, play chess, write code and impress everyone. In this post, we show a few more ways in which this AI model is good at cybersecurity, in particular in API...
Can ChatGPT be used to attack your APIs? | API Security Newsletter
The winter solstice is fast approaching, along with the end-of-year holidays - before we know it, it'll be 2023 already! And with the fall behind us, our hive has been busy putting the finishing touches on many new and improved capabilities – such as weak JWT detection, API Abuse Prevention, API...
Why is Robust API Security Crucial in eCommerce?
API attacks are on the rise. One of their major targets is eCommerce firms like yours. APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world. eCommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. Owi...
PT-2022-27551 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the account parameter at the "/goform/addUserName" API endpoint. This issue affects the Tenda W30E device. Recommendations: For Tenda W30E version...
2023 Predictions: API Security the new Battle Ground in Cybersecurity
The adoption of application programming interfaces, more commonly known as APIs, has increased dramatically in recent years. In many ways, APIs are now the backbone of the Internet. The reason? APIs are an essential component of digital transformation, enabling applications, containers, and...
CVE-2022-46684
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability...
How the Modern Data Landscape Made the Traditional Cybersecurity Approach Obsolete
From the news headlines, we know that data breaches are on the rise - both in frequency and scale. While this reality is unsettling, it’s not surprising. That is because the volume of data being collected and stored by organizations continues to grow exponentially each year. Every day, the global...
CVE-2022-46156
CVE-2022-46156: Grafana's Synthetic Monitoring Agent (pre-0.12.0) exposes an authentication token via a debugging endpoint, enabling retrieval of user checks bound to that token. Access to the token does not guarantee retrieval of the checks, because the API denies connections from already-connected agents, but token exposure sti...
Expanding API Security Awareness at API World
API security should be a primary concern for organizations. Learn about the three principles of APIs to help protect against attacks...
CVE-2022-24189
CVE-2022-24189 affects the Ourphoto App v1.4.1, where the user_token authorization header on /apiv1/* endpoints is not implemented correctly. Removing the header value causes all requests to succeed, bypassing authorization and session management, enabling an attacker to make POST API calls using...
Four Steps: Effective API Security Using a Digital Bonding Strategy
Focus on API security as part of your digital bonding strategy, because APIs are already connecting your business activities...
GraphQL Security: The Next Evolution in API Protection
GraphQL is an open-source data query and manipulation language that can be used to build application programming interfaces (APIs). Since its initial inception at Facebook in 2012 and subsequent release in 2015, GraphQL has grown steadily in popularity. Some estimate that by 2025, more than 50% of...
Top 5 API Security Myths That Are Crushing Your Business
There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bea...
PT-2022-24036
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.8 Description: The issue is related to Cross-site Scripting (XSS) - Reflected. This means an attacker can inject malicious scripts into a website, which will then be executed by the user's browser. The estimated...
CVE-2022-3732
seccome Ehoney contains a SQL injection vulnerability in /api/v1/bait/set triggered by manipulating the Payload argument. The issue affects an unknown functionality and can be exploited remotely. CVSS data indicates high/severe impact across confidentiality, integrity, and availability (up to 9.8...
Wallarm at API World and KubeCon 2022 this week
This is a busy week for the whole Wallarm team as we are sponsoring two big conferences at the very same time. API World 2022: Wallarm will be at API World in San Jose starting today. Stop by booth 209 to chat with our API security experts about everything APIs, and check out a demo of Wallarm WAAP...
Evolution of API Security – A Practical Guide to Addressing API Threats in 2023
The API security scenarios we witness today were nothing like this in the beginning. API security has come a long way to become as responsive and productive as it is now. How was it in the beginning? What changes has it faced? What more can we expect in the future? If this is what bothe...
Plaintext storage of tokens in pulp_ansible
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field, and exposes them in read/write mode via the API instead of marking the field as write-only...
CVE-2022-35267
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...
CVE-2022-35266
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...