mreinbold +   87

Using Message Signatures to Ensure Secure Incoming Webhooks - Nexmo Developer Blog
In this post you'll see why enabling message signing on your inbound webhooks can help protect against timing attacks or malicious incoming data.
webhooks  lorna_mitchell  nexmo  security  netapinotes 
7 weeks ago by mreinbold
Researcher prints 'PWNED!' on hundreds of GPS watches' maps due to unfixed API | ZDNet
Over 20 GPS watch models still allow threat actors to track device owners, tinker with watch functions.
catalin_cimpanu  netapinotes  gps  security 
april 2019 by mreinbold
Thousands of API and cryptographic keys leaking on GitHub every day – Naked Security
Researchers have found that thousands of coders are leaving their crown jewels exposed on the popular source code repository.
danny_bradbury  netapinotes  github  security 
april 2019 by mreinbold
Fighting Fire with Fire: API Automation Risks | Threatpost
A look at API attack trends such as the current (and failing) architectural designs for addressing security of these API transactions.
tony_lauro  security  akamai  netapinotes 
march 2019 by mreinbold
Don’t Leave Your Doors Open - Secure Your APIs Now - Infosecurity Magazine
Organizations fail to effectively safeguard APIs and often see an influx of security threats as a result.
keith_casey  security  netapinotes 
february 2019 by mreinbold
How Does Your API Security Stand Up Against the 3 Most Common Attacks? | ProgrammableWeb
By 2022, Gartner predicts that API abuses will become the most common type of web application attack resulting in a data breach. When you consider that the average organization manages as many as 363 APIs, it's no surprise that gaps in API security represent such a significant threat
security  netapinotes  gartner 
february 2019 by mreinbold
learn-json-web-tokens/ at master · dwyl/learn-json-web-tokens · GitHub
Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!) - dwyl/learn-json-web-tokens
jwt  security  json  authentication 
january 2019 by mreinbold
Notifying our Developer Ecosystem about a Photo API Bug - Facebook for Developers
Our team discovered and fixed a photo API bug that may have granted third-party access to Facebook Login user photos from September 13 to September 25, 2018.
tomer_bar  facebook  restapinotes  security 
december 2018 by mreinbold
GitHub - approov/shipfast-api-protection
Contribute to approov/shipfast-api-protection development by creating an account on GitHub.
restapinotes 
october 2018 by mreinbold
Mobile API Security Techniques – Hacker Noon
API keys and tokens play an important role in application security, but they have a fair number of gotchas to watch out for. We iteratively improve API security using good key and token practices.
skip_hovsmith  security  restapinotes 
october 2018 by mreinbold
Microservices Authentication & Authorization Best Practice
Services require authentication and authorization. In a microservices world you typically have a front-end gateway that manages connections from the outside world which then connect you to back-end…
michael_douglass  microservices  security  restapiotes 
july 2018 by mreinbold
Dan Gorelick
How to get info from any (public) transaction on Venmo

dan_gorelick  venmo  security 
july 2018 by mreinbold
OKCupid's Visitor API Provided Access to Users' Personal Information | ProgrammableWeb
Last year, dating app OKCupid removed the ability for its users to view who had visited their profiles, but a developer this week revealed that visitor data had still been available via OKCupid's Visitor API. In a blog post, Zack Whipkey detailed how he was able to access detailed user information.
okcupid  restapinotes  zack_whipkey  GPS 
may 2018 by mreinbold