News

Salt is enhancing its API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address the growing challenge of OAuth exploitation.
Salt Security has revealed research unveiling critical API security vulnerabilities in the OAuth protocol implementations of popular online platforms like Grammarly, Vidio and Bukalapak. These ...
This whitepaper describes the modern API Security landscape, and how to effectively leverage OAuth 2.0 and API Gateways for authentication and authorization from both the infrastructure and ...
A “popular, top-tier” travel service for hotel and car rentals was vulnerable to a flaw which allowed malicious actors to take over anyone’s account, a new report from API security firm Salt ...
Analysis of the Attacker’s Behavior: GitHub's analysis of the incident includes that the attackers authenticated to the GitHub API using the stolen OAuth tokens issued to the accounts Heroku and Travis CI.
Checking for malicious OAuth apps: As Office 365 OAuth apps can give attackers complete access to an Office 365 account, they can be used for a variety of attacks.
“We hope this series has helped educate the broader industry on the nature of potential OAuth implementation errors and how to close these API-based security gaps to better protect data and use ...
GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations.
A critical security flaw in the Expo framework has been discovered that could be exploited to reveal user data in various online services. The vulnerability (CVE-2023-28131) was discovered by Salt ...
Security flaw in Booking.com OAuth implementation could be used to launch account takeovers, but researchers discovered and flagged the issue before it could be exploited in the wild ...