Starbucks API key found in public GitHub repository – reports


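A Starbucks developer left an API key in a public GitHub repository. The key could have allowed any attacker to access the coffeehouse chain's internal systems, where the list of authorized users could easily be manipulated.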

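As first reported by Bleeping Computer, the severity of the exposed API key was rated critical because it gave access to Starbucks' JumpCloud API. The flaw was discovered by vulnerability hunter Vinoth Kumar, who found the key and responsibly disclosed it through the HackerOne vulnerability coordination and bug bounty platform.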

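JumpCloud is an Active Directory management platform, billed as an Azure AD alternative, that provides user management, web application single sign-on (SSO) access control, and Lightweight Directory Access Protocol (LDAP) services.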

Starbucks was eventually satisfied with Kumar's remediation and awarded him $4,000 (£3,047).

Last month, StrongSalt released its Open Privacy API to improve the security of developers' applications. StrongSalt offers APIs and SDKs for most of the leading cloud providers, including Box, AWS S3, Google Cloud, and Azure. StrongSalt can also supply cloud storage for those without a current provider. The Open Privacy API provides encryption features so developers can focus more on building great apps without having to acquire the cybersecurity expertise needed to make them secure.

At the same time, API development company Postman published some interesting findings about the kinds of people who work with APIs. Of the 10,000 respondents who said they use APIs, more than half (53%) did not have the title "developer". This represented a significant increase over 2018, when 59% said they were either front-end or back-end developers. Some of the non-developer roles where people are engaging with APIs include technical writers and executives. Postman found that 74% of API development teams are small, with fewer than 10 members.
