API Security Weekly: Issue #146 - MrLiambi's blog




Thursday, 12 August 2021

API Security Weekly: Issue #146

This week, we have the recent API fix involving group membership at Facebook, a case study of a BOLA vulnerability leaking users' credit coupons, a handy add-on for Burp Suite, plus an interview with a security expert on API security.

Vulnerability: Facebook

The Facebook API was leaking information on users' memberships in private groups. Muhammad Sholikhin found that an attacker could verify whether a victim was a member of a private Facebook group, as long as the attacker and the victim were connected (friends) on Facebook. Membership information on private Facebook groups is not supposed to be visible to anyone outside the group.

Source: https://dzone.com/articles/api-security-weekly-issue-146
