Subscribe to the Salt blog

Privacy Policy

Learn about the Salt + CrowdStrike Falcon integration

Learn more
Posts Tagged

API Vulnerability Analysis

Subscribe to Salt blog

CVE-2023-34362 - Zero-Day Vulnerability Discovered in MOVEit Transfer is Exploited in the Wild by Cl0p Ransomeware – Here’s What you Need to Know

On May 29, 2023, a critical security vulnerability, identified as CVE-2023-34362, was published. Learn the details of this vulnerability, its implications, and recommendations for users to mitigate the risk.

Salt Labs
Salt Labs
June 14, 2023

Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

This post details issues identified in a popular framework used by many online services to implement OAuth (as well as other functionality). Salt Labs findings show that services using this framework are susceptible to credentials leakage.

Aviad Carmel
Aviad Carmel
May 24, 2023

Top Changes in the OWASP API Security Top 10 2023RC

Salt Security shares insights on the initial release candidate for the API Security Top 10 2023.

Yaniv Balmas
Yaniv Balmas
March 12, 2023

Traveling with OAuth - Account Takeover on Booking.com

Given the widespread usage of OAuth, any vulnerabilities found in its components or their implementations may lead to considerable security impact in the applications and services using them.

Aviad Carmel
Aviad Carmel
March 2, 2023

Missing Bricks: Finding Security Holes in LEGO APIs

We chose to investigate the services provided by LEGO, perhaps the most famous toy manufacturer in the world – because we contend this example sheds light on the reality of quick adoption of APIs and the risks that can come with that fast pace.

Shiran Yodev
Shiran Yodev
December 15, 2022

OpenSSL Vulnerability Analysis – Denial of Service and Remote Code Execution

Insights regarding two new vulns that have been uncovered in the OpenSSL library – CVE-2022-3602 and CVE-2022-3786. These vulnerabilities affect OpenSSL.

Salt Labs
Salt Labs
November 3, 2022

How a Common API Vulnerability Might Have Cost Telco Optus $1 Million

Like many other API breaches, the Optus security incident highlights the importance of dedicated API security.

Adam Fisher
Adam Fisher
September 27, 2022

API Threat Research: Server-side Request Forgery on FinTech Platform Enabled Administrative Account Takeover

The Salt Labs team helps customers and prospects discover vulnerabilities in their APIs. In this case, we investigated the platforms of a large US-based FinTech company.

Salt Labs
Salt Labs
April 7, 2022

Spring4Shell – What Happened, Who’s Vulnerable, and How to Mitigate

The Salt Labs team looks to clear up some confusion, explain what Spring4Shell really is, share who might be impacted, and offer tips for mitigating your risk.

Salt Labs
Salt Labs
March 31, 2022

Understanding the Coinbase API Vulnerability

A Twitter user posted about a security flaw he "accidentally” found in Coinbase. Tweets like these have become popular with so many vulnerability discoveries shared. Read why this case was indeed special.

Salt Labs
Salt Labs
February 22, 2022

Recap: The 7 Biggest API Security Incidents in 2021

We’ve spotlighted the seven biggest API security incidents in 2021 that plagued many different companies of different sizes and across verticals and highlighted what we can take away from each event.

Michael Isbitski
Michael Isbitski
December 21, 2021

The Log4Shell CVE-2021-44228 Vulnerability: What it is, how it works, and how to protect yourself

News of the recently discovered vulnerability called “Log4Shell,” “LogJam,” or its formal designation “CVE-2021-44228” has deservedly earned widespread attention. Learn what it is, how it works, and how to protect yourself.

Salt Labs
Salt Labs
December 11, 2021

API Threat Research: GraphQL Authorization Flaws in Financial Technology Platform

Salt Labs researchers investigated a large B2B FinTech platform that offers financial services in the form of API-based mobile apps and SaaS to SMB and commercial brands.

Salt Labs
Salt Labs
December 8, 2021

API Threat Research: Detailed Financial Records Exposed on Financial Services Platform

Threat research report shares information to improve awareness around API security by detailing relevant attack patterns, technical details, and mitigation techniques for each vulnerability.

Salt Labs
Salt Labs
July 14, 2021

The Peloton API Security Incident - What Happened and How You Can Protect Yourself

Researchers found Peloton APIs were leaking PII. Learn how to avoid this with your APIs.

Michael Isbitski
Michael Isbitski
May 13, 2021

The Experian API Security Incident - What Happened and How can you Protect Yourself

While it is technically true that Experian’s systems weren’t directly breached, private data was most certainly leaked

Michael Isbitski
Michael Isbitski
May 5, 2021

Understanding the Security Impacts of the iPhone Call Recording App Vulnerability

Our discussion focuses on steps you can take for better API security, and we also include some interesting mobile security and cloud security aspects.

Michael Isbitski
Michael Isbitski
March 18, 2021

Unpacking the Parler Data Breach

While the shutdown of Parler remains politically charged, the event offers some valuable technical lessons worth reviewing, many of which tie directly into API security and how best to protect sensitive data.

Michael Isbitski
Michael Isbitski
January 21, 2021

Lessons Learned – USPS API Vulnerability and 60 Million Exposed Users

You’ve probably seen the news about the USPS vulnerability where an attacker with simple access to usps.com, an understanding of the API logic, and no special tools could easily manipulate that logic to get a dump of data.

Chris Westphal
Chris Westphal
November 28, 2018

Tags

API Attack Analysis
API Attack Methodology
API Attack Prevention
API Security 101
API Security Strategy
API Vulnerability Analysis
Awards
CISO
Company Updates
Compliance
Customers
Events
Financial Services
Insurance
OWASP API Top 10
Product Updates
Research
Salt Labs
Technology Partners
Video
Webinar
eBook
Clear filters

Posts by

Adam Fisher
Ahuvy Mrad
Aviad Carmel
Brett Robinson
Chris Westphal
Elad Koren
Eran Atias
Gilad Barzilay
Gilad Gruber
Hadar Freehling
Jennifer Dignum
Jon Peppler
Mandy Kelley
Michael Isbitski
Michael Nicosia
Michael Porat
Michelle McLean
Nick Rago
Ori Bach
Ran Barth
Renee Hollinger
Roey Eliyahu
Salt
Salt Labs
Salt Technical Engineering
Sara Tierno
Shiran Yodev
Stephanie Best
Sunil Dutt
Technical Engineering
Yaniv Balmas