This week, we look into the recent API vulnerabilities at Facebook and the campaign apps for the US presidential election, a new book on the OpenAPI Specification (OAS), and a guest post by API security trainer Mohammed Aldoub on how to build APIs that are easy to defend against attackers.
Vulnerability: Facebook
Marcos Ferreira found a Broken Object-Level Authorization (BOLA/IDOR) vulnerability in Facebook’s GraphQL API. The vulnerability allowed anyone to change the URL of a Facebook Page (so not your Facebook profile or user account), and then take over the old URL.
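The missing check behind this class of bug, shown as an added example that is not Facebook's code or taken from the report: a mutation that trusts a client-supplied object id next to one that verifies the caller's role on that object. The `PageStore` model, its method names and the sample pages are all hypothetical.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Caller has no rights on the target object."""

@dataclass
class Page:
    page_id: str
    url: str
    admins: frozenset

class PageStore:
    """Constructed in-memory model of pages with vanity URLs (hypothetical)."""
    def __init__(self, pages):
        self.pages = {p.page_id: p for p in pages}
        self.urls = {p.url: p.page_id for p in pages}  # vanity URL -> owning page

    def _rename(self, page, new_url):
        if new_url in self.urls:
            raise ValueError("URL already taken")
        del self.urls[page.url]  # the old URL is released and can be claimed again
        page.url = new_url
        self.urls[new_url] = page.page_id

    def set_url_vulnerable(self, viewer_id, page_id, new_url):
        # BOLA: the caller is authenticated, but the client-supplied page_id
        # is never checked against the caller's rights on that page.
        self._rename(self.pages[page_id], new_url)

    def set_url_checked(self, viewer_id, page_id, new_url):
        page = self.pages.get(page_id)
        # Object-level check. "Unknown id" and "not your page" fail the same
        # way, so the response does not confirm which page ids exist.
        if page is None or viewer_id not in page.admins:
            raise Forbidden("caller may not modify this page")
        self._rename(page, new_url)

def fresh_store():
    # Constructed sample data: alice administers p1, mallory administers p2.
    return PageStore([Page("p1", "acme", frozenset({"alice"})),
                      Page("p2", "other", frozenset({"mallory"}))])

if __name__ == "__main__":
    weak, strict = fresh_store(), fresh_store()
    weak.set_url_vulnerable("mallory", "p1", "acme-old")
    print("unchecked: 'acme' still owned?", "acme" in weak.urls)
    try:
        strict.set_url_checked("mallory", "p1", "acme-old")
    except Forbidden as exc:
        print("checked:", exc)
```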
from DZone.com Feed https://ift.tt/3i1VEV4