VRB News

API tricks move into the security focus

by admin
July 7, 2021

Trouble with interfaces: API tricks move into the security focus

Intercepting traffic via APIs, identifying backend servers and business logic, and then working out potential gaps to attack: Hackers are increasingly working with bots, and a report by Barracuda suggests a professionalization of cybercriminals.

Around APIs, savvy hackers have some tricks in store.

(Picture: ra2 studio – stock.adobe.com)

Most apps are developed “API-first” these days. Practice shows that putting the interfaces in the foreground usually means an app can be released faster. Another app trend is single-page applications, i.e. apps that consist of a single HTML document whose content is loaded dynamically. They are designed for mobile browsers and only simulate mobile apps, without the need to install one.

Where is the business logic?

Tushar Richabadas, Product Marketing Manager, Application Security at Barracuda Networks, highlights the differences: “In a web application, the browser is an intermediary. It speaks to the application, and the latter performs certain actions based on the user’s request and responds to the user through the browser. All the business logic is hidden in the application, and most of the attacks are known.” “In the API-based application, data is queried via the API and then the business logic is executed on the end-client device based on this,” says Richabadas.

When someone intercepts the API traffic, they can identify the backend server, figure out the logic and perform various checks to identify vulnerabilities and attack the system.

Data theft

APIs thus allow direct access to a lot of sensitive information. “Your bank API can provide access to sensitive private data, and an insufficiently protected API allows attackers to retrieve this information en masse,” says the security specialist. Cybercriminals are literally looking for open APIs. Very often you see companies that expose their test APIs with access to production data on the Internet. Once cybercriminals have discovered them, this can cause great damage, warns the manager.

Finding vulnerabilities

Another problem is APIs that are insufficiently protected. It is relatively easy to test APIs, for example to see whether they enforce a rate limit, explains Richabadas. He advises IT security teams to start by following the OWASP (Open Web Application Security Project) API Security Top 10, which covers the ten most frequently exploited vulnerabilities, to strengthen their defenses. In this context, he recalls massive data leaks, such as the vulnerability discovered in 2019 at T-Mobile.

A multi-layered defense with protections against bot, API and supply chain attacks is the best way to respond to these accumulating attacks.

Report by Barracuda

In its report “The state of application security in 2021”, Barracuda took a closer look at application security. On average, more than two-thirds (72 percent) of respondents were attacked at least once in the last twelve months. At 44 percent, bot attacks have overtaken traditional attacks via zero-day vulnerabilities and the top 10 vulnerabilities of the Open Web Application Security Project and have now become the most common attack vector.

The report shows that organizations are often attacked through their web applications. Almost half of the respondents, 46 percent, suffered a security breach several times and another 26 percent at least once. In addition to the frequency of attacks, Richabadas was surprised by the survey's finding that bot attacks seem to be increasingly difficult to repel in practice.
