Following the news that Attacker Accessed Dozens of Repositories After OAuth Token Theft, cyber security experts reacted below.
Experts Comments
To avoid this type of a security incident, organizations should be sure that they do not rely solely on APIs as their authentication material. In addition, unsecured API keys should not be left exposed in cloud storage or code repos like Git. With access to these credentials, attackers can gain unauthorized access to an API as a legitimate user or admin. Also, organizations should never hardcode API keys or other credentials into their applications or devices, which gives attackers yet another way to gain unauthorized access.
@Yaniv Balmas, VP of Research, provides expert commentary at @Information Security Buzz.