API Security Weekly: Issue #73

This week, we check how Tinder’s API vulnerability has developed a life of its own, the latest statistics from Akamai on API security, the best current practices for JWT, and why API security needs both API firewalls and API management, not just either-or.

Vulnerability: Tinder

Back in July 2019, we covered the OWASP API3:2019 — Excessive data exposure vulnerability in Tinder APIs. Premium features, such as unblurred images of those who like you, were not enforced at the API level: the API returned the full data and left it to the client to hide it. Thus, a suitably crafted request to the API could bypass these restrictions.
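To illustrate the pattern, here is an added example (not code from the newsletter or from Tinder) contrasting a handler that relies on the client to blur images with one that decides entitlement server-side and builds the response from a per-tier field allow-list. The account ids, URLs and entitlement store are constructed sample data.

```python
# Added example: server-side enforcement of a premium feature versus
# relying on the client (OWASP API3:2019, excessive data exposure).
from typing import Dict, List, Optional

# Constructed sample data: users who "liked" the caller, with both a
# full-resolution and a blurred image variant stored server-side.
LIKES_YOU: List[Dict[str, str]] = [
    {"user_id": "u-1001", "name": "Alex",
     "photo_full": "https://cdn.example/u-1001/full.jpg",
     "photo_blurred": "https://cdn.example/u-1001/blur.jpg"},
    {"user_id": "u-1002", "name": "Sam",
     "photo_full": "https://cdn.example/u-1002/full.jpg",
     "photo_blurred": "https://cdn.example/u-1002/blur.jpg"},
]

# Constructed entitlement store: accounts that have paid for the premium tier.
PREMIUM_ACCOUNTS = {"acct-42"}


def likes_you_vulnerable(account_id: str) -> List[Dict[str, object]]:
    """Vulnerable: every field, including the unblurred URL, is returned to
    every caller, and a 'blur' flag asks the client to hide it. Any client
    that ignores the flag sees the premium content."""
    blur = account_id not in PREMIUM_ACCOUNTS
    return [{**row, "blur": blur} for row in LIKES_YOU]


def likes_you_hardened(account_id: str,
                       requested_fields: Optional[List[str]] = None
                       ) -> List[Dict[str, str]]:
    """Hardened: entitlement comes from the authenticated account, never from
    request parameters, and the response is built from an explicit allow-list
    of fields for that tier. Requested fields outside the allow-list are
    dropped rather than honoured."""
    is_premium = account_id in PREMIUM_ACCOUNTS
    allowed = ({"user_id", "name", "photo_full"} if is_premium
               else {"user_id", "photo_blurred"})
    # Optional client field selection is intersected with the allow-list.
    fields = allowed if requested_fields is None else allowed & set(requested_fields)
    return [{k: row[k] for k in row if k in fields} for row in LIKES_YOU]


def leaks_full_photo(response: List[Dict[str, object]]) -> bool:
    """Check a reviewer or contract test can run: does any row in the
    response expose the full-resolution URL?"""
    return any("photo_full" in row for row in response)
```

Running `leaks_full_photo` over the two handlers for a non-premium account shows the difference: the vulnerable handler still ships the full URL (the blur is only a hint), while the hardened handler never includes it.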