The BKS version 1 keystore files for Bouncy Castle, a collection of cryptographic APIs for C# and Java applications, reportedly contain a weak hash-based message authentication code (HMAC) that can easily be cracked by hackers.
As a security topic in its own right, API security and API vulnerabilities are still relatively unknown to most organisations and even many security professionals.
A bug in T-Mobile's wsg.t-mobile.com API may have allowed attackers to access customer data that can be used to carry out phishing attacks or worse.
Owen Garrett discusses microservices and the security risks they pose, then delves into options for mitigating them.
Its dense population and role as a transportation hub have pushed the UK to ensure good security for APIs exposed in use, integrating borders and government agencies, says Jason Macy.
Leading pen tester reveals his main security concerns for the next 12 months.
Malware writing has undergone many changes over the years - from hobbyists to a criminal business - with mobile and social now the hot targets, Rob Buckley reports.
Keeping it simple and ensuring the basics are properly covered is likely to result in the biggest improvement in software security, says Cigital's Paco Hope.