top of page
Writer's pictureDaria Chadwick

ReactFirst Weekly Roundup: This week in APIs | 1/14/2021

Get up to date on what you missed this week in the world of APIs.


Hot Topics

Software engineering leaders are rapidly adopting APIs to improve connectivity and enable digitization, but face an increased challenge of securely managing API sprawl. Our predictions about the future of APIs enable software engineering leaders to plan for API management and security challenges.


This is a comprehensive, start-to-finish guide to the processes required for effective API design. Unlike other books, it covers the entire lifecycle. by James Higginbotham


The dramatic rise in ransomware and other cyberattacks over the past year has finally driven home the point that cybersecurity needs to be taken much more seriously. Amid initiatives by the U.S. government and other parties, there's a growing global awareness of the need to focus on security to combat attacks that threaten vital areas of society. How might this renewed focus on security start to play out in 2022?


API Vulnerability in the AWS Cloudformation API On January 13th, researchers from Orca Security published a vulnerability found in the AWS CloudFormation API, a service that helps users model and set up their AWS resources. The vulnerability allowed the researchers to get file and credential disclosure primitives on an internal AWS service and leverage these to leak sensitive files found on the CloudFormation vulnerable machines. The attack flow then continues to an SSRF (server side request forgery) leveraging the connectivity and permissions of the targeted service.


Application programming interfaces (APIs) are widely used to connect systems and applications, and they have become an integral part of many mission-critical business capabilities. In fact, a recent Gartner survey found that 70% of organizations are using API management and mediation to build their digital platforms. However, many software leaders overlook the business potential of APIs as digital products, focusing instead on technical use cases.


 

Comments


bottom of page