It’s extremely important to make sure your OAuth implementation is secure. The fix is just one line of code away. We sincerely hope the information shared in our blog post series will help prevent major online breaches and help web service owners better protect their customers and users.
On May 29, 2023, a critical security vulnerability, identified as CVE-2023-34362, was published. Learn the details of this vulnerability, its implications, and recommendations for users to mitigate the risk.
This post details issues identified in a popular framework used by many online services to implement OAuth (as well as other functionality). Salt Labs findings show that services using this framework are susceptible to credentials leakage.
Given the widespread usage of OAuth, any vulnerabilities found in its components or their implementations may lead to considerable security impact in the applications and services using them.
Relying on WAFs alone for API protection is insufficient and leaves companies vulnerable.
We chose to investigate the services provided by LEGO, perhaps the most famous toy manufacturer in the world – because we contend this example sheds light on the reality of quick adoption of APIs and the risks that can come with that fast pace.
Insights regarding two new vulns that have been uncovered in the OpenSSL library – CVE-2022-3602 and CVE-2022-3786. These vulnerabilities affect OpenSSL.
State of API Security Report data highlights a daunting scenario: exploding attack activity, insufficient existing practices, and teams ill-prepared to address API security.
In today’s digitalized financial services landscape, find out what's propelling an urgent need for better API security.
The Salt Labs team helps customers and prospects discover vulnerabilities in their APIs. In this case, we investigated the platforms of a large US-based FinTech company.
The Salt Labs team looks to clear up some confusion, explain what Spring4Shell really is, share who might be impacted, and offer tips for mitigating your risk.
Salt Security releases the latest findings of its bi-annual report on API security trends
News of the recently discovered vulnerability called “Log4Shell,” “LogJam,” or its formal designation “CVE-2021-44228” has deservedly earned widespread attention. Learn what it is, how it works, and how to protect yourself.
Salt Labs researchers investigated a large B2B FinTech platform that offers financial services in the form of API-based mobile apps and SaaS to SMB and commercial brands.
Salt Labs researchers investigated a large business-to-consumer (B2C) online platform that provides API-based mobile applications and software as a service to millions of users globally.
The data makes it clear: more companies are suffering more API attacks than ever, and companies remain as ill-prepared as ever.
With the formal launch of Salt Labs, we will now take the time to document our findings publicly, after we follow responsible disclosure processes, so the broader industry can learn from our discoveries.