This week, we take a look at the recent API vulnerabilities at Experian, Facebook, and possibly DigitalOcean and Geico. There is also a review of Burp plugins for API vulnerability discovery, and a new API security penetration testing lab.
Vulnerability: Experian
Bill Demirkapi found an unprotected Experian API that returned a credit score based simply on someone’s name and address.
Read the original article: API Security Weekly: Issue #132