Aggregator

某黑产组织捆绑VPN和TG等安装程序进行攻击活动

C#自删除代码、Cnext项目漏洞、勒索软件利用ESXi漏洞、规则探索者项目介绍、Outlook注册表C2代理及Specula框架恶意软件操作.

iPhone 16 或无缘出厂搭载苹果AI功能；比亚迪方程豹全系降价 5 万；丰田汽车董事长：如果支持率继续下滑，职位可能不保

Risk and Reward of APIs and Third-Party Connectors in the Cloud

7 min read·Just now

--

A Security Operations (#SecOps) and Engineering Commentary from industry insider Rohan Bafna , SecOps Engineer.

Third-party connectors through an Application Programming Interface (API) and other means remain essential for cloud expansion and functionality. As more organizations transform their businesses by moving their operations and applications to the cloud, there is a greater need for third-party integration to cloud infrastructures, security architectures, and applications.

As the world and technology industry continues to decode the effects of the CrowdStrike and Microsoft outage, the risk of human error configuring third-party connections and native integrations will always happen. Even with AI-assisted automated programming and machine learning, mistakes in design, testing, and configuration will happen.

That is the risk.

The cloud and its various forms of consumption have become too complex for one sole company or infrastructure to meet all the customers’ needs, manage all the different digital ecosystems, and provide comprehensive cybersecurity prevention strategies.

Security companies Cisco, CrowdStrike, and IBM develop cybersecurity products and services to integrate into Amazon Web Services, Google Cloud, and Microsoft Azure. By partnering with third-party connector developers, these cloud providers can speed up their time-to-market offerings.

That, ultimately, is the reward.

How Vulnerable Are APIs?

APIs are essential in software applications, but they are at risk because of misconfiguration, lack of security measures, or lack of awareness. This vulnerability can lead to hackers’ unauthorized access to sensitive data or systems.

• APIs are at risk of attack from injected malicious code, leading to data exposure, system compromise, or takeovers.
• Weak authentication, improper session handling, and inadequate access controls can make APIs vulnerable to attacks. Attackers may exploit these vulnerabilities to impersonate users, hijack sessions, or gain unauthorized access to sensitive data.
• API can also be targeted with DoD attacks, causing service disruption, negative user experience, and financial losses. It is essential to assess APIs for security to protect data and prevent breaches.API security testing helps identify vulnerabilities and weaknesses in API implementations.

How To Test APIs for Security Vulnerabilities?

API testing is a necessary process that benefits developers, testers, and end-users. During early testing in the SDLC, developers can test APIs before the user interface is ready, allowing them to identify and resolve bugs at the server level before they appear in the UI layer. This testing helps prevent these issues from escalating.

Additionally, API testing enables testers to carry out requests that may not be recommended through the UI as it could expose security vulnerabilities. API testing is critical for catching bugs early to avoid delays in product releases.

UI Testing

UI testing is essential to confirm that the API functions appropriately within the application’s user interface. This testing guarantees that the UI accurately displays the API’s outcomes and that the API appropriately manages the UI’s inputs.

API Hacking

API hacking involves exploiting vulnerabilities in an API for security testing. Attackers can target API endpoints to gain data access, disrupt services, or take control of the system. Ethical hackers practice by attacking intentionally vulnerable APIs downloaded from the Internet. They can then test the organization’s APIs to identify weaknesses and assess resilience.

How to Protect APIs From Various Attacks?

API vulnerabilities are weaknesses in API security that bad people can use to do bad things. It can lead to data breaches, unauthorized access, and system crashes.

Stopping Excessive Data Exposure

Excessive Data Exposure happens when an API mistakenly discloses more data than required, which could aid potential attackers in future attacks.

To address this vulnerability, developers should only include essential data in their API responses. Engineers should enable this function by filtering data properly and controlling the quantity of data sent in each API response.

Rate Limiting

With rate limiting, an API can become overwhelmed with more requests, making it vulnerable to DoS attacks.

Limiting the requests can protect against attacks. To prevent DoS attacks, set a maximum number of requests in a timeframe.

Insecure Direct Object Reference (IDOR)

IDOR vulnerability lets attackers manipulate references to gain data access.

To mitigate this vulnerability, developers should avoid exposing direct references to internal objects in their APIs. Instead, they should utilize indirect references to increase the complexity for potential attackers seeking to manipulate the references and obtain unauthorized access.

Importance of Third-Party API Connectors in Cloud Environments

A well-designed API connection involves a three-layer architecture with system, process, and experience APIs. Adding layers of APIs can cause latency issues, especially with large data payloads. Maintaining latency in an API-led system requires dedicated IT resources.

Integration applications use connectors to link with systems through an API integration process, simplifying the process for creators by not needing direct programming. APIs enhance data transfer within systems by being integral parts of the systems.

APIs are crucial for modernizing systems and integrating applications, helping teams meet digital transformation goals for business and customer satisfaction.

Risks Associated with Third-Party API Connectors

Third-party APIs benefit users and can seamlessly integrate with business SaaS applications and cloud platforms. However, a notable issue arises when these apps and their providers access company data without adequate security.

Third-party APIs connecting to SaaS-to-SaaS platforms pose a supply chain risk. Providers’ weak security practices can put data at risk even with the enablement of known security protocols. Security teams need control over permissions for these apps, especially those with real-time integration risks and dependencies on third-party developers.

APIs become integrated into the various cloud-based applications and infrastructures and become part of the attack surface. Hackers look for third-party API connectors, expecting most of them to be vulnerable.

Similar to operational technology (OT) and industrial control systems (ICS), developers and security operations people choose to patch or update an API once it is deployed. This decision often leads to cyberattacks against API connectors, as hackers can access various websites and cloud instances looking for these connectors.

Security is a concern with integration security gaps in custom-built API integrations. This risk can lead to authorization problems, security misconfiguration, and insufficient logging. Without security reviews and data governance controls, there is an increased risk of security issues.

The Need for Continuous Assessment and Real-time Monitoring Third-Party API Connectors

Continuous security monitoring is a system that checks for security issues and alerts you if there’s a problem. Specifically, for APIs and other third-party connectors, ensuring the connectors have not become compromised is critical for all parties leveraging the tool.

Another critical task for developers is to perform assessments against APIs to validate and check exposed vulnerabilities that require immediate remediation. Developers will use Dynamic Application Security Testing (DAST) tools to test APIs and web applications. These tools become embedded within the DevOps and CI/CD development process.

The Future of SecOps and Third-Party Connections

Cyberattacks are a common threat in today’s world. Small businesses are not exempt from these attacks. Cybercriminals often target them because they lack the resources to recover quickly from security incidents. This targeting can cause data breaches, financial losses, and damage to their reputation.

Organizations must invest in security operations (SecOps) as more systems depend on the cloud, APIs, and third-party connectors. The complex world of interconnections between applications, cloud instances, legacy on-premise systems, and SaaS-based offerings will continue expanding the vulnerable attack surface.

Securing third-party APIs is essential for meeting GDPR and HIPAA regulations, preventing potential penalties from regulatory agencies.

Numerous organizations are required to meet security standards, such as ISO 27001. Implementing these frameworks can help establish a secure system and showcase dedication to security with clients. Ongoing monitoring is often necessary to comply with security standards like SOC 2 and ISO 27001.

Final Thoughts

The more interconnected we have become, the more likely we will see security like CrowdStrike and Microsoft. SecOps will continue to be critical in monitoring databases, APIs, cloud instances, user access, and ecosystem connections through the various supply chain portals and hosted systems.

Monitoring, reporting, and automation of API remediation will continue to gain momentum by heading into 2025.

Small businesses require a well-thought-out strategy to improve the security of their web applications and APIs. Investing in SecOps, either in-house or with a managed security service provider (MSSP), is essential for monitoring APIs and providing incident response functions.

About Rohan Bafna

Rohan is a WeWORK Incident Response and Threat Detection director based in New York City. He holds a master’s in computer science from Rochester Institute of Technology and an undergraduate degree from Thadomal Shahani Engineering College in Mumbai, India.

Rohan’s experience in security operations automation extends well into enabling artificial intelligence machine learning and developing next-generation security orchestration automation and response (SOAR) functions. Along with mastering SecOps automation, Rohan mentors many first-year engineers interested in learning more about modern security engineering, including deploying Cisco/Splunk for observability and better-automated notifications.

Rohan can be reached at [email protected] and on LinkedIn at https://www.linkedin.com/in/rohan-bafna-0911807b/.

#cybersecurityroadmap #roadmapofcybersecurity #cybersecuritycourse #cybersecurity2023 #roadmap #cybersecuritypodcast #scalability #business #cloud #cyber #podcast #podcast #management #innovation #emailsecurity #dlp #encryption #ransomwareprotection #malwareattacks #ciso Security, Privacy and Risk #privacy #security #email #compliance

The post Risk and Reward of APIs and Third-Party Connectors in the Cloud appeared first on Security Boulevard.

The second edition of AI Pulse is all about AI regulation: what’s coming, why it matters, and what might happen without it. We look at Brazil’s hard não to Meta, how communities are pushing back against AI training data use, Interpol’s warnings about AI deepfakes, and more.

Trend Micro research uncovers new cybercrime tools posing increased threats to security, highlighting the rapid evolution of AI-powered hacking services and their potential for mass exploitation

技术能力、产品研发、培训服务持续创新突破！

Despite getting help, NIST is not keeping up with new vulnerability reports for the National Vulnerabilities Database, according to an analysis from Fortress Information Security.

API Security Anywhere Self-Managed Option Imperva continues to deliver solutions that help customers protect their applications and APIs, whether in the Cloud, on-premises, or in a hybrid environment. Imperva API Security includes a SaaS-based and an on-premises solution, both managed in the Imperva Cloud Management Console. Imperva is further expanding the management options for its […]

The post Deploy API Security On-Premises with New Imperva API Security Anywhere Self-Managed Option appeared first on Blog.

The post Deploy API Security On-Premises with New Imperva API Security Anywhere Self-Managed Option appeared first on Security Boulevard.

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. “Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full […]

One threat actor claims to have already gathered email addresses and associated hashes from more than 110 remote IT management databases.

Microsoft says that an examination of Windows crash reports around the outage shows that kernel drivers need to be carefully employed.

In November 2009, as coach of a youth baseball team, I received a Google Sheet with the names, birthdays, contact information, and team names for about 30 kids born between 1997 and 2000. More than 14 years later, I still have access to that document.  Today, those players are in their early to mid-twenties. Presumably, […]

The post Detecting Externally Facing Resources appeared first on Adaptive Shield.

The post Detecting Externally Facing Resources appeared first on Security Boulevard.