API Security: Exposed API Endpoint Leaks Over 11 Million Telco Customers’ Data

1.0Checkmarxhttps://checkmarx.comAPI Security: Exposed API Endpoint Leaks Over 11 Million Telco Customers’ Datarich600338<blockquote class="wp-embedded-content" data-secret="56rKxNrfk0"><a href="https://checkmarx.com/blog/api-security-exposed-api-endpoint-leaks-over-11-million-telco-customers-data/">API Security: Exposed API Endpoint Leaks Over 11 Million Telco Customers’ Data</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://checkmarx.com/blog/api-security-exposed-api-endpoint-leaks-over-11-million-telco-customers-data/embed/#?secret=56rKxNrfk0" width="600" height="338" title="“API Security: Exposed API Endpoint Leaks Over 11 Million Telco Customers’ Data” — Checkmarx" data-secret="56rKxNrfk0" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://checkmarx.com/wp-includes/js/wp-embed.min.js /* ]]> */ </script> https://checkmarx.com/wp-content/uploads/2022/10/Shutterstock_1357654529.jpg1600800By scanning APIs at the source, organizations can identify otherwise undocumented endpoints (known as shadow APIs), such as what appears to be the case that led to the data breach of the APAC telco. Of course, you need a good platform to do the analysis.