API Security Weekly: Issue #116

Read the original article: API Security Weekly: Issue #116


This week, we check out the recent API vulnerabilities at Facebook and Parler, look at a new GraphQL discovery tool called clairvoyance, and have API security advice from Corey Ball.

Vulnerability: Facebook

Pouya Darabi found an API vulnerability in Facebook that allowed him to create posts on other users’ pages. The posts did not appear in the newsfeed, but they were visible and looked legitimate to anyone who accessed them through a direct link.

