API Security Weekly

This week, we take a look at how an out-of-date library compromises login to Twitter, how a simple parameter switch gave access to over 150 million JustDial user accounts, and how holes in API security can lead a business to give out uncontrolled freebies. In addition, there is an update on Google’s decision to change the access to their Nest smarthome platform and why this has happened.


Vulnerability: TwitterKit for iOS API SDK

Appicaptor has revealed that applications using the TwitterKit for iOS library to access the Twitter API are vulnerable to man-in-the-middle attacks. Both Twitter access and Login with Twitter scenarios are vulnerable because the SDK does not properly validate the TLS certificate for api.twitter.com.
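As an added illustration (not code from the page, from Appicaptor, or from TwitterKit), here are the two checks a TLS client has to perform to rule out this kind of man-in-the-middle: matching the expected host against the certificate's names in the RFC 6125 style, and an audit of a client-side context for the two settings that, when switched off, make it accept any certificate presented for api.twitter.com. The function names and the sample SAN values are assumptions.

```python
import ssl
from typing import Iterable


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match of one certificate dNSName against the expected host.
    A wildcard is accepted only as the whole leftmost label and only when the
    name has at least three labels, so '*.twitter.com' matches 'api.twitter.com'
    but not 'twitter.com' and not 'evil.api.twitter.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) < 3 or p_labels[0] != "*" or "*" in pattern[1:]:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_matches_host(san_dns_names: Iterable[str], hostname: str) -> bool:
    """True if any dNSName SAN entry matches the host we intended to reach."""
    return any(hostname_matches(name, hostname) for name in san_dns_names)


def validating_context() -> ssl.SSLContext:
    """Client context that checks the chain against trusted CAs and the hostname.
    These are the defaults of create_default_context, spelled out so they can be audited."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def insecure_context() -> ssl.SSLContext:
    """The weak configuration, for comparison: with both checks off the client
    will complete a handshake with any certificate an interposed party presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Audit helper: a context that skips either check is open to a man-in-the-middle."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED
```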
