API Security Weekly: Issue #109

Read the original article: API Security Weekly: Issue #109


This week, another API has been leaking voter data in the US. We also take a look at Dynatrace’s API token best practices and at Dredd, an open-source OpenAPI verification tool, and there is a video with tips on locating broken object-level authorization vulnerabilities in APIs.

Vulnerability: Trump Campaign’s Post-Election Site

Although the campaigns are finally over, the US elections still feature in our newsletter. This time the dubious star of the week is the website that the Trump campaign launched to collect anecdotal evidence of voting issues. Researchers found that the APIs behind the site were poorly protected and leaking voter information.

