This article has been indexed from DZone Security Zone
This week, we have details of a potential vulnerability in existing Prometheus installations with no endpoint security enabled, details of a new tool to assist organizations to map their API attack surface, a report on the analysis of publicly available OpenAPI definition files in the public domain, and news on upcoming API security awareness and training from We Hack Purple.
Vulnerability: Unsafe Defaults in Prometheus Expose Secrets
JFrog recently published a report on a potential vulnerability in Prometheus, a popular open-source event monitoring and alerting solution. Attackers could parse unsecured endpoints to retrieve sensitive data.
Read the original article: API Security Issue 157