Blog Posts Tagged with "API"

The Hidden Security Risks of Cloud APIs

December 02, 2016 Added by: Sam Rehman

With the inherent security flaws taken care of, cloud software can take full advantage of the benefits of APIs without exposing themselves or their clients to attack.

Comments  (0)

Identity & Access Management: Give Me a REST

June 19, 2013 Added by: Simon Moffatt

RESTful architectures have been the general buzz of websites for the last few years. The simplicity, scalability and statelessness of this approach to client-server communications has been adopted by many of the top social sites such as Twitter and Facebook. Why? Well, in their specific cases, developer adoption is a huge priority.

Comments  (0)

Software is Eating the World, And APIs are the Fuel For That

November 13, 2012 Added by: Ben Kepes

The cloud brings a level of agility that allows organizations to be more nimble than before. Cloud powers workers in disparate geographies to collaborate on projects. Cloud enables the mobile provisioning of mass information in new ways. Cloud makes insights into vast stores of data more readily obtained...

Comments  (0)

In Secure Programming, the Documentation Matters Too

June 28, 2012 Added by: Keith Mendoza

Some will argue that using the documentation is a cop out; that it's more of a liability protection than "secure programming". I would argue that the documentation should be part of the "secure programming" practice because it makes it clear to everyone what they should expect from the application...

Comments  (0)

No Copyrights on APIs: Judge Defends Interoperability and Innovation

June 18, 2012 Added by: Electronic Frontier Foundation

Judge Alsup, a coder himself, got it right when he wrote that “copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API.” It's a pleasure to see a judge so fundamentally understand the technology at issue...

Comments  (0)

I Hope Edo is Worth the Privacy Risk

May 16, 2012 Added by: Keith Mendoza

About a week ago, I read about this new daily deal service called edo that ties to your bank account, and the first thing that came to my mind is “uh oh, another attack vector into my bank info”. Here is a list of features that are those potential attack vectors...

Comments  (2)

On the Underground Economy of Twitter Followers

May 06, 2012 Added by: Gianluca Stringhini

All Twitter Account Markets we analyzed offer both "free" and "premium" versions. While premium clients pay for their services, the free ones gain followers by giving away their Twitter credentials - a clever way of phishing - or by sending out "promoted" content, typically spam...

Comments  (0)

Mobile Applications Shouldn’t Roll Their Own Security

May 01, 2012 Added by: Brent Huston

Many of the applications being designed are being done so by scrappy, product oriented developers. This is not a bad thing for innovation - in fact just the opposite - but it can be a bad thing for safety, privacy and security...

Comments  (0)

Open, Closed, 1984 and the Evil Empire

March 22, 2012 Added by: Ben Kepes

I’m buoyed by the very existence of open API – technology that forces data interchange to become real. Sure there are ways vendors manipulate what should be open to achieve their aims, but the API is our equivalent of Excalibur – it has the ability to deliver us from evil...

Comments  (0)

Ubuntu 12.04 Will Bring OS-Level Security Options

March 14, 2012 Added by: Electronic Frontier Foundation

In the upcoming release on April 26, Ubuntu 12.04 is introducing operating system-wide settings that let you delete portions of your activity log, disable logging for specific types of files and applications, or disable activity logging altogether...

Comments  (0)

IP Resolution Using Meterpreter’s Railgun

September 15, 2011 Added by: Rob Fuller

I saw a post back in June titled DNS Port Forwarding Con Meterpreter. It looked like hard work to set that up. I didn’t want to go through that every time I got onto a new network. So I made a simple meterpreter post module to just call a Windows API key called ‘gethostbyaddr’ using Railgun...

Comments  (4)

Railgun Error Checking

August 30, 2011 Added by: Rob Fuller

One important thing to note about Railgun is that you are querying the API, and just as if you were using C++, the API you are calling just might not be there on the system. So here is a quick trick to find out if the function (API) that you are trying to call is available to you...

Comments  (0)

Microsoft: WebGL is Too Dangerous to Support

June 28, 2011 Added by: Bill Gerneglia

If there is one thing that Microsoft knows well, it is security holes in operating systems and device drivers. They have been heavily engaged in finding complex engineering solutions to solve some of the most difficult security compromises for more than 20 years. We should all listen to this warning...

Comments  (0)

Project Honeypot HTTP Blocklist Module

December 29, 2010 Added by: Rob Fuller

Project Honeypot does an amazing job at keeping detailed information on scanners / harvesters and brute forcers, the likes of which are the daily enemy of said admins. They offer a service called HTTP Block List or 'HTTP:BL'...

Comments  (0)

W3C Buries Web SQL Database Standard

December 03, 2010 Added by: Rafal Los

Although I keep saying that things are most secure when they're simple, the new specification is orders of magnitude more complex - more documentation, moving parts, bits - than the Web SQL Database which had security as a principle. What could possibly go wrong, right?

Comments  (0)