Tag: API

Cyber image

Spotlight: Traceable CSO Richard Bird on Securing the API Economy

In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data.

API Security

Malicious Automation is driving API Security Breaches

Removing the ability to automate against a vulnerable API is a huge step forward, as automation is a key enabler for both the exploitation and the extraction of large amounts of sensitive data.

Opinion: Gaping Holes in Security of APIs

In-brief: In this, the first in a three-part series on REST API, Neeraj Khandelwal of Barracuda Networks discusses the growing importance of application program interfaces to business success, and how API insecurity poses a significant and under-appreciated risk to businesses.

Graph Search

Facebook Graph Search API Used To Brute Force Phone Numbers From Profiles

Facebook’s Graph Search feature hasn’t been released yet. But white hat hackers are already harnessing the powerful social search engine to gather sensitive information on Facebook users. A new module for Recon-ng an open source “web reconnaissance framework” allows anyone with a Facebook Developer account to use Graph Search and Recon-ng’s features to harvest phone numbers associated with Facebook user accounts. The tool, dubbed “Facebook Harvester” allows brute force searching by partial phone numbers, using brute-force techniques, according to a blog post by Rob Simon, a Canton, Ohio- based security professional. Simon, who counts penetration testing and reverse engineering  among his skill set, wrote about his experiments using Graph Search on his blog, kc57.com. in April. In a phone interview with The Security Ledger, Simon said his work doing penetration testing drew him to the Graph Search API, which allows programmatic interaction with the Graph Search engine. He said the […]