SEARCH RESULTS
 
Showing 1-10 of 38 records
 
Another MySpace XSS Through an API

2008-01-21 16:24:14 by RSnake in ha.ckers.org web application security lab
 
...APIs. Hackers don't care that your browser sees them as different domains. If they can attack the API and that API has access to the same data that the main website does, but without the controls in place to lock it down, that much the better. Anyway, all of this and much much more will be covered in the OWASP preso that I'm doing in Minnesota...
 
 
 
 
 
How to use the QQQVEXPL API

2008-07-09 12:24:04 by Kent Milligan in WhatIs: Enterprise IT tips and expert advice
 
The QQQVEXPL API does not need to be coded to on AS/400 DB2; instead, you may use a Visual Explain tool which transparently uses the API to analyze the access plans for SQL statements and query requests
 
 
 
 
 
The Servlet API and RESTful development

2008-07-09 13:54:33 by Brein E. Nally in WhatIs: Enterprise IT tips and expert advice
 
Jason Bloomberg the state of the Servlet API now and whether it improperly inhibits RESTful development
 
 
 
 
 
Holiday Storm Part 3

2007-12-26 23:43:00 by Russ McRee in HolisticInfoSec.org
 
...API (can you say rootkit?). No more hanging out in the open, easily seen. The Helios Rootkit Detector, now included in RAPIER, discovered darker voodoo than the last two versions: Scanning File System For Hidden Files Scanning Drive C 1 C:\WINDOWS\system32\cleanmgr.exe Hidden From API 2 C:\WINDOWS\system32\clean.config Hidden From API 3...
 
 
 
 
 
Minimizing the Attack Surface, Part 2

2008-07-07 21:10:25 by Chris Eng in Zero in a bit
 
...API but generally don't care how it's implemented. Granted, that's how an API is supposed to work; you don't have to futz around with code beyond the API boundary, and you can blissfully ignore parts of the library that you don't need. In past consulting gigs, I've sat in threat modeling discussions where nobody knew whether a particular library...
 
 
 
 
 
Phishers and Malware authors beware!

2007-06-18 14:59:00 by Niels Provos in Google Online Security Blog
 
...API we launched today. It provides a simple mechanism for downloading Google's lists of suspected phishing and malware URLs, so now any developer can access the blacklists used in products such as Firefox and Google Desktop. The API is still experimental, but we hope it will be useful to ISPs, web-hosting companies, and anyone building a site...
 
 
 
 
 
Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...API list. We have seen bugs that do not affect Windows Vista because of banned API removal, one such example is MS06-078 in Windows Media Player. The SDL's Banned API removal requirement has proven to be very effective. .MIF File Parser Vulnerability Like the .SAM bug, this bug is an insecure call to a string copy function, in this case the...
 
 
 
 
 
Welcome to the Platform Club! :-)

2008-02-15 14:59:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...API is central to this Data access: in case of a log management platform , API should let users receive their log data in either raw or processed (i.e. "parsed" or tokenized) form API for control: log analysis is not just searching, but also includes alerts and other things that sometimes needs to be tuned. API should allow that Also,...
 
 
 
 
 
Thin Client Security: Wise up!

2008-04-18 23:36:44 by Craig Balding in Cloud Security
...API makes your thin client OS secure loses you so much credibility. A hint: you will want to engage a qualified 3rd party to flex your API in the same way an adversary would with an unpublished API, Wyse Thin OS is one of the most secure operating systems on the market With 128MB of Flash, insecure update methods and an unpublished API, I'd...
 
 
 
 
 
Security In The Cloud: Introducing Cloud Mashups

2008-04-21 16:40:49 by Craig Balding in