On May 29, 2023, a critical security vulnerability, identified as CVE-2023-34362, was published. Learn the details of this vulnerability, its implications, and recommendations for users to mitigate the risk.
This post details issues identified in a popular framework used by many online services to implement OAuth (as well as other functionality). Salt Labs findings show that services using this framework are susceptible to credentials leakage.
Salt Security shares insights on the initial release candidate for the API Security Top 10 2023.
Given the widespread usage of OAuth, any vulnerabilities found in its components or their implementations may lead to considerable security impact in the applications and services using them.
We chose to investigate the services provided by LEGO, perhaps the most famous toy manufacturer in the world – because we contend this example sheds light on the reality of quick adoption of APIs and the risks that can come with that fast pace.
Insights regarding two new vulnerabilities that have been uncovered in the OpenSSL library, CVE-2022-3602 and CVE-2022-3786, both of which affect OpenSSL.
Like many other API breaches, the Optus security incident highlights the importance of dedicated API security.
The Salt Labs team helps customers and prospects discover vulnerabilities in their APIs. In this case, we investigated the platforms of a large US-based FinTech company.
The Salt Labs team looks to clear up some confusion, explain what Spring4Shell really is, share who might be impacted, and offer tips for mitigating your risk.
A Twitter user posted about a security flaw he “accidentally” found in Coinbase. Tweets like these have become popular with so many vulnerability discoveries shared. Read why this case was indeed special.
We’ve spotlighted the seven biggest API security incidents in 2021 that plagued many different companies of different sizes and across verticals and highlighted what we can take away from each event.
News of the recently discovered vulnerability called “Log4Shell,” “LogJam,” or its formal designation “CVE-2021-44228” has deservedly earned widespread attention. Learn what it is, how it works, and how to protect yourself.
Salt Labs researchers investigated a large B2B FinTech platform that offers financial services in the form of API-based mobile apps and SaaS to SMB and commercial brands.
This threat research report shares information to improve awareness around API security by detailing relevant attack patterns, technical details, and mitigation techniques for each vulnerability.
Researchers found Peloton APIs were leaking PII. Learn how to avoid this with your APIs.
While it is technically true that Experian’s systems weren’t directly breached, private data was most certainly leaked.
Our discussion focuses on steps you can take for better API security, and we also include some interesting mobile security and cloud security aspects.
While the shutdown of Parler remains politically charged, the event offers some valuable technical lessons worth reviewing, many of which tie directly into API security and how best to protect sensitive data.