This week, we take a look at the recently discovered API attack in NoxPlayer, the latest annual “State of Web Application Security” report by Radware, a detailed step-by-step pentesting tutorial, and a recording of a session on API security and Azure API management from AppSec Israel.

Bluestacks still doesn’t give this option.

We have been contacted by a BigNox representative assuring us that the security issues have been fixed. They also advised that the original ESET research article has been modified to include their statement on the measures taken.

NoxPlayer is an Android emulator for PCs and Macs. BigNox, the company behind the emulator, claims that they have over 150 million users, predominantly in Asian countries. The product has an automatic update system in which the client invokes a cloud API to check for updates, then downloads and installs them.

Security researchers from ESET discovered that this API got hacked to deliver malware instead of normal updates. The researchers found that the attackers made the API selectively deliver malware URLs to targeted users in place of the regular update URLs.

This was a relatively sophisticated attack, and it showed why data validation needs to happen not only on API requests but also on responses. Defining strict patterns for returned data (in this particular case, a regular expression for acceptable update URLs) could have prevented the attack.

Industry statistics: State of Web Application Security Report

Radware has released their “2020-2021 State of Web Application Security Report”. Their main conclusion is that API abuse has become the leading threat in the field.
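As an added illustration of the response-validation point made above (example code written for this page, not ESET's analysis or BigNox's updater), the following Python sketch treats an update-check response as untrusted input: every field must match a strict shape, and the download URL must match a fixed pattern and an allow-listed host before anything is fetched. The host name, field names and path layout are assumptions; the real NoxPlayer API format is not on the page.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of hosts the updater may download from.
# Placeholder name: the real vendor hosts are not on the page.
ALLOWED_UPDATE_HOSTS = {"updates.example-vendor.invalid"}

# Strict pattern for an acceptable update URL: HTTPS only, one allow-listed
# host, a fixed path layout, a semantic version directory and a plain
# installer filename. Anything else is rejected, whatever the server says.
UPDATE_URL_RE = re.compile(
    r"^https://(?P<host>updates\.example-vendor\.invalid)"
    r"/releases/(?P<version>\d+\.\d+\.\d+)"
    r"/(?P<file>[A-Za-z0-9_-]+\.(?:exe|dmg))$"
)

# Shapes for the other response fields (assumed field layout).
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

REQUIRED_FIELDS = {"version", "url", "sha256"}


def validate_update_response(payload: dict) -> tuple[bool, str]:
    """Return (ok, reason) for a decoded update-check response.

    The response is treated exactly like request input: every field is
    checked against an expected pattern before the URL is ever fetched.
    """
    present = set(payload)
    missing = REQUIRED_FIELDS - present
    if missing:
        return False, f"missing fields: {sorted(missing)}"
    extra = present - REQUIRED_FIELDS
    if extra:
        return False, f"unexpected fields: {sorted(extra)}"

    version, url, digest = payload["version"], payload["url"], payload["sha256"]
    if not all(isinstance(v, str) for v in (version, url, digest)):
        return False, "all fields must be strings"
    if not VERSION_RE.fullmatch(version):
        return False, f"bad version format: {version!r}"
    if not SHA256_RE.fullmatch(digest):
        return False, "sha256 must be 64 lowercase hex characters"

    match = UPDATE_URL_RE.fullmatch(url)
    if match is None:
        return False, f"url does not match the update pattern: {url!r}"

    # Second, independent check with a real URL parser: the scheme must be
    # HTTPS and the host must be on the allowlist. The regex already implies
    # this; parsing again guards against a future loosening of the pattern.
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_UPDATE_HOSTS:
        return False, f"host not allow-listed: {parts.hostname!r}"

    # The version embedded in the path must agree with the version field,
    # so a response cannot advertise one release and serve another.
    if match.group("version") != version:
        return False, "version in url does not match version field"
    return True, "ok"


# Constructed sample responses: a well-formed update, and a tampered one that
# points the client at a different host, the failure mode described above.
GOOD_RESPONSE = {
    "version": "7.0.1",
    "url": "https://updates.example-vendor.invalid/releases/7.0.1/setup.exe",
    "sha256": "a" * 64,
}
TAMPERED_RESPONSE = {
    "version": "7.0.1",
    "url": "https://cdn.attacker-controlled.invalid/releases/7.0.1/setup.exe",
    "sha256": "a" * 64,
}

if __name__ == "__main__":
    for name, response in (("good", GOOD_RESPONSE), ("tampered", TAMPERED_RESPONSE)):
        print(name, validate_update_response(response))
```

The point of the design is that the client never trusts the server to decide where the binary comes from: the set of acceptable download locations is fixed in the client, and a response that points anywhere else is rejected and can be logged as a signal that the update channel has been tampered with.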