Subscribe to the Salt blog

Privacy Policy

Learn about the Salt + CrowdStrike Falcon integration

Learn more
Posts Tagged

Salt Labs

Subscribe to Salt blog

CVE-2023-34362 - Zero-Day Vulnerability Discovered in MOVEit Transfer is Exploited in the Wild by Cl0p Ransomeware – Here’s What you Need to Know

On May 29, 2023, a critical security vulnerability, identified as CVE-2023-34362, was published. Learn the details of this vulnerability, its implications, and recommendations for users to mitigate the risk.

Salt Labs
Salt Labs
June 14, 2023

Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

This post details issues identified in a popular framework used by many online services to implement OAuth (as well as other functionality). Salt Labs findings show that services using this framework are susceptible to credentials leakage.

Aviad Carmel
Aviad Carmel
May 24, 2023

Traveling with OAuth - Account Takeover on Booking.com

Given the widespread usage of OAuth, any vulnerabilities found in its components or their implementations may lead to considerable security impact in the applications and services using them.

Aviad Carmel
Aviad Carmel
March 2, 2023

Salt Customer Attack Case Study: Blocking a Low-rate-per-bot HTTP DDoS Attack

Relying on WAFs alone for API protection is insufficient and leaves companies vulnerable.

Eran Atias
Eran Atias
January 12, 2023

Missing Bricks: Finding Security Holes in LEGO APIs

We chose to investigate the services provided by LEGO, perhaps the most famous toy manufacturer in the world – because we contend this example sheds light on the reality of quick adoption of APIs and the risks that can come with that fast pace.

Shiran Yodev
Shiran Yodev
December 15, 2022

OpenSSL Vulnerability Analysis – Denial of Service and Remote Code Execution

Insights regarding two new vulns that have been uncovered in the OpenSSL library – CVE-2022-3602 and CVE-2022-3786. These vulnerabilities affect OpenSSL.

Salt Labs
Salt Labs
November 3, 2022

API Security Incidents Nearly Universal Finds Latest “State of API Security” Report

State of API Security Report data highlights a daunting scenario: exploding attack activity, insufficient existing practices, and teams ill-prepared to address API security.

Salt Labs
Salt Labs
August 3, 2022

4 Reasons Why Financial Services Companies Need Better API Security Now

In today’s digitalized financial services landscape, find out what's propelling an urgent need for better API security.

Jennifer Dignum
Jennifer Dignum
May 12, 2022

API Threat Research: Server-side Request Forgery on FinTech Platform Enabled Administrative Account Takeover

The Salt Labs team helps customers and prospects discover vulnerabilities in their APIs. In this case, we investigated the platforms of a large US-based FinTech company.

Salt Labs
Salt Labs
April 7, 2022

Spring4Shell – What Happened, Who’s Vulnerable, and How to Mitigate

The Salt Labs team looks to clear up some confusion, explain what Spring4Shell really is, share who might be impacted, and offer tips for mitigating your risk.

Salt Labs
Salt Labs
March 31, 2022

Companies are Struggling Against a 681% Increase in API Attacks, the Latest “State of API Security” Report Shows

Salt Security releases the latest findings of its bi-annual report on API security trends

Salt Labs
Salt Labs
March 2, 2022

The Log4Shell CVE-2021-44228 Vulnerability: What it is, how it works, and how to protect yourself

News of the recently discovered vulnerability called “Log4Shell,” “LogJam,” or its formal designation “CVE-2021-44228” has deservedly earned widespread attention. Learn what it is, how it works, and how to protect yourself.

Salt Labs
Salt Labs
December 11, 2021

API Threat Research: GraphQL Authorization Flaws in Financial Technology Platform

Salt Labs researchers investigated a large B2B FinTech platform that offers financial services in the form of API-based mobile apps and SaaS to SMB and commercial brands.

Salt Labs
Salt Labs
December 8, 2021

API Threat Research: Elastic Stack Misconfiguration Allows Data Extraction

Salt Labs researchers investigated a large business-to-consumer (B2C) online platform that provides API-based mobile applications and software as a service to millions of users globally. 

Salt Labs
Salt Labs
September 29, 2021

API Attacks up 348% in Six Months, per Latest “State of API Security” Report

The data makes it clear: more companies are suffering more API attacks than ever, and companies remain as ill-prepared as ever.

Salt Labs
Salt Labs
July 28, 2021

Formalizing our API Security Research with the Launch of Salt Labs

With the formal launch of Salt Labs, we will now take the time to document our findings publicly, after we follow responsible disclosure processes, so the broader industry can learn from our discoveries.

Roey Eliyahu
Roey Eliyahu
July 14, 2021

API Threat Research: Detailed Financial Records Exposed on Financial Services Platform

Threat research report shares information to improve awareness around API security by detailing relevant attack patterns, technical details, and mitigation techniques for each vulnerability.

Salt Labs
Salt Labs
July 14, 2021

Tags

API Attack Analysis
API Attack Methodology
API Attack Prevention
API Security 101
API Security Strategy
API Vulnerability Analysis
Awards
CISO
Company Updates
Compliance
Customers
Events
Financial Services
Insurance
OWASP API Top 10
Product Updates
Research
Salt Labs
Technology Partners
Video
Webinar
eBook
Clear filters

Posts by

Adam Fisher
Ahuvy Mrad
Aviad Carmel
Brett Robinson
Chris Westphal
Elad Koren
Eran Atias
Gilad Barzilay
Gilad Gruber
Hadar Freehling
Jennifer Dignum
Jon Peppler
Mandy Kelley
Michael Isbitski
Michael Nicosia
Michael Porat
Michelle McLean
Nick Rago
Ori Bach
Ran Barth
Renee Hollinger
Roey Eliyahu
Salt
Salt Labs
Salt Technical Engineering
Sara Tierno
Shiran Yodev
Stephanie Best
Sunil Dutt
Technical Engineering
Yaniv Balmas