Passkeys See Fresh Momentum With New Pilot Programs
Apple adds API that will enable sharing of passkeys across platforms, and Google offers passkey authentication in beta for Google Workspace and Google Cloud.
API security focuses on protecting application interfaces from unauthorized access, data exposure, abuse, and flaws in authentication or design.
Search across headline titles and summaries.
Background for this topic.
Application Programming Interfaces (APIs) are sets of rules that allow software applications to communicate and exchange data, often enabling functionality across different systems or services. APIs define how requests and responses are structured, making it possible for programs to interact without direct user involvement. In cybersecurity, APIs are commonly exposed over networks as endpoints that handle sensitive operations like data retrieval, user authentication, or transaction processing.
APIs increase the attack surface by exposing endpoints that attackers can target with unauthorized access attempts, injection attacks, or denial-of-service. Common risks include weak or missing authentication, insufficient input validation, and improper rate limiting. Effective API security requires strong authentication protocols (e.g., OAuth), strict input validation to prevent injection, rate limiting to mitigate abuse, and comprehensive logging to detect anomalies. Protecting APIs is critical to prevent data leaks, privilege escalation, and service disruption in interconnected environments.
Apple adds API that will enable sharing of passkeys across platforms, and Google offers passkey authentication in beta for Google Workspace and Google Cloud.
With more than 50,000 publicly leaked OpenAI keys on GitHub alone, OpenAI developer accounts are the third-most exposed in the world.
APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even take control of the entire system. Therefore, it's essential to have a robust API security posture to
Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account. [...]