Read the original article: API Security Weekly: Issue #111
This week, we take a look at the recent API security issues with Resource-Based Policy APIs at Amazon Web Services (AWS), Backup Gateway APIs at Tesla, and in Twitter Fleets. In addition, we have some free passes to the upcoming DeveloperWeek New York that includes some talks on API security too.
Vulnerability: AWS Resource-Based Policy APIs
Researchers at Unit42 found that 22 APIs across 16 different AWS services can be exploited to leak Identity and Access Management (IAM) users and roles.