Salt Security releases its first industry-specific report on API security: the 2023 “State of API Security for Financial Services and Insurance.”
On May 29, 2023, a critical security vulnerability, identified as CVE-2023-34362, was published. Learn the details of this vulnerability, its implications, and recommendations for users to mitigate the risk.
This post details issues identified in a popular framework used by many online services to implement OAuth (as well as other functionality). Salt Labs' findings show that services using this framework are susceptible to credential leakage.
Given the widespread usage of OAuth, any vulnerabilities found in its components or their implementations may lead to considerable security impact in the applications and services using them.
Relying on WAFs alone for API protection is insufficient and leaves companies vulnerable.
We chose to investigate the services provided by LEGO, perhaps the most famous toy manufacturer in the world – because we contend this example sheds light on the reality of quick adoption of APIs and the risks that can come with that fast pace.
As attackers have jumped on the API bandwagon, API threats have also changed, contributing further to the risks and demanding a new approach to protect APIs.
State of API Security Report data highlights a daunting scenario: exploding attack activity, insufficient existing practices, and teams ill-prepared to address API security.
The Salt Labs team helps customers and prospects discover vulnerabilities in their APIs. In this case, we investigated the platforms of a large US-based FinTech company.
Salt Security releases the latest findings of its bi-annual report on API security trends.
News of the recently discovered vulnerability called “Log4Shell,” “LogJam,” or its formal designation “CVE-2021-44228” has deservedly earned widespread attention. Learn what it is, how it works, and how to protect yourself.
Salt Labs researchers investigated a large B2B FinTech platform that offers financial services in the form of API-based mobile apps and SaaS to SMB and commercial brands.
Salt Labs researchers investigated a large business-to-consumer (B2C) online platform that provides API-based mobile applications and software as a service to millions of users globally.
The data makes it clear: more companies are suffering more API attacks than ever, and companies remain as ill-prepared as ever.
With the formal launch of Salt Labs, we will now take the time to document our findings publicly, after we follow responsible disclosure processes, so the broader industry can learn from our discoveries.