
API Security Weekly: Issue #31


This week we look at API key security, business impact, and API security by design.
This week, Samsung leaked a token giving full access to its SmartThings code repository, and Facebook fixed one API flaw but was fined for another. We also have a discussion of API security and DevOps, and look at a survey Postman is running on the future of OpenAPI support.
We discussed API key security in issue 25. This week brought another high-profile leak: researchers found, in the wild, a token giving full access to the Samsung SmartThings GitLab repository.
One of the Samsung labs ran a GitLab server with some repositories set to public, and one of those repos had an AWS S3 access token in its code. That AWS account held more than 100 S3 buckets containing logs and analytics, and within that data the researchers found further GitLab tokens, including the one for the SmartThings project. The chain is typical: one credential committed to a public repo unlocks a store that holds more credentials, so a single exposed key has to be treated as a compromise of everything reachable from it.
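The chain above (public repo, AWS key in code, S3 buckets full of logs, GitLab tokens inside the logs) is exactly what secret scanning on commits and on stored data is meant to break. As an added example, not code from the researchers, Samsung, GitLab or this newsletter, here is a small Python scanner run over constructed sample file contents. The token formats it recognizes are assumptions about documented conventions: AWS access key IDs start with AKIA or ASIA and are 20 characters, AWS secret keys are 40 characters and usually sit next to a key name, and GitLab personal access tokens carry a glpat- prefix that GitLab added in 2021 (older tokens had no prefix, so for those the entropy check is the only signal). The entropy threshold is a tuning choice.

```python
"""Scan text for hard-coded cloud and Git-hosting credentials.

Added example for this article; not code from the Samsung research, GitLab or AWS.
Token formats below are assumptions based on publicly documented conventions.
"""
import math
import re
from dataclasses import dataclass
from typing import List

# Token formats (assumptions, not from the article):
#   - AWS access key IDs: 20 chars, prefix AKIA (long-term) or ASIA (temporary STS).
#   - AWS secret keys: 40 chars of base64-like text, usually next to a key name.
#   - GitLab personal access tokens: "glpat-" + 20 chars (prefix introduced by
#     GitLab in 2021; earlier tokens had no prefix and need entropy-based checks).
PATTERNS = {
    "aws_access_key_id": re.compile(
        r"(?<![A-Z0-9])((?:AKIA|ASIA)[A-Z0-9]{16})(?![A-Z0-9])"
    ),
    "aws_secret_access_key": re.compile(
        r"(?i)aws(?:_secret)?(?:_access)?_key\s*[=:]\s*['\"]?"
        r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
    ),
    "gitlab_pat": re.compile(
        r"(?<![A-Za-z0-9_-])(glpat-[A-Za-z0-9_-]{20})(?![A-Za-z0-9_-])"
    ),
}

# Minimum Shannon entropy (bits per character) a candidate must have. This drops
# placeholders such as "AAAA..." or "xxxx..." that match the regexes by shape only.
MIN_ENTROPY = 3.0


@dataclass(frozen=True)
class Finding:
    source: str
    line: int
    kind: str
    redacted: str  # first and last 4 characters only; never log the full secret


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Keep just enough of the value to locate it in the source, never the whole thing."""
    return secret[:4] + "..." + secret[-4:]


def scan_text(text: str, source: str = "<stdin>") -> List[Finding]:
    """Return every high-entropy credential candidate in text, one Finding per hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                candidate = match.group(1)
                if shannon_entropy(candidate) < MIN_ENTROPY:
                    continue  # looks like a placeholder, not a real credential
                findings.append(Finding(source, line_no, kind, redact(candidate)))
    return findings


# Constructed sample of what a leaked deploy config might contain (not real data;
# the AWS values are the well-known documentation example credentials).
SAMPLE = """\
# deploy.env - constructed example
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
GITLAB_TOKEN=glpat-Xy7Qm2Rt9Lp4Wd8Hn3Vz
# placeholders that look like secrets by shape but are not:
AWS_SECRET_ACCESS_KEY=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
GITLAB_TOKEN=glpat-xxxxxxxxxxxxxxxxxxxx
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE, "deploy.env"):
        print(f"{f.source}:{f.line}: {f.kind} {f.redacted}")
```

Run as a pre-commit hook or over exported bucket contents, the same function flags the two ways this story went wrong: a key sitting in source, and tokens sitting in logs. The redaction matters as much as the match: a scanner that writes full secrets into its own report just creates one more place to leak from.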
