{"id":990020,"date":"2024-10-09T16:03:12","date_gmt":"2024-10-09T09:03:12","guid":{"rendered":"https:\/\/dbiz.vn\/?p=990020"},"modified":"2025-06-20T00:05:25","modified_gmt":"2025-06-19T17:05:25","slug":"strengthening-api-security-addressing-vulnerabilities-and-emerging-threats","status":"publish","type":"post","link":"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/","title":{"rendered":"Strengthening API Security: Addressing Vulnerabilities and Emerging Threats"},"content":{"rendered":"<div class=\"vgblk-rw-wrapper limit-wrapper\">\n<h2>Introduction<\/h2>\n<p>In today\u2019s interconnected world, APIs (Application Programming Interfaces) have become the backbone of digital communication, enabling different software systems to interact with one another. From mobile applications to cloud services, APIs facilitate the exchange of data and services seamlessly. However, as APIs grow in importance, so do the risks associated with them. The increasing prevalence of API-related security breaches highlights the need for robust security measures.<\/p>\n<h2>What is an API?<\/h2>\n<p>APIs allow different software components to communicate with each other, acting as a bridge between various systems. They enable the creation of complex applications by providing a set of protocols and tools for building software and applications. APIs are essential for the functioning of web services, mobile apps, IoT devices, and more. However, their widespread use also makes them prime targets for attackers.<\/p>\n<h2>Top API Vulnerabilities<\/h2>\n<p>API vulnerabilities are diverse and can lead to severe breaches if not addressed properly. According to the OWASP API Security Top 10, the most common API vulnerabilities include:<\/p>\n<p>1. Broken Object Level Authorization (BOLA) &#8211; Occurs when an API does not properly enforce access controls, allowing attackers to access or modify data they shouldn&#8217;t have access to.<\/p>\n<p>2. 
Broken Authentication &#8211; This occurs when authentication mechanisms are weak, leading to unauthorized access.<\/p>\n<p>3. Excessive Data Exposure &#8211; APIs often expose more data than necessary, making sensitive information accessible.<\/p>\n<p>4. Security Misconfigurations &#8211; Default, incomplete, or improper configurations that expose the API to attacks.<\/p>\n<p>5. Injection Attacks &#8211; Malicious data is sent to an API, leading to SQL injections, command injections, or other forms of exploitation.<\/p>\n<p>6. Server-Side Request Forgery (SSRF) &#8211; This occurs when an attacker is able to manipulate the API and trigger the server hosting it to make requests to unintended destinations.<\/p>\n<h2>In-Depth Look: BOLA and BFLA Vulnerabilities<\/h2>\n<p>1. Broken Object Level Authorization (BOLA)<\/p>\n<p>BOLA is one of the most critical vulnerabilities in the API security space. It occurs when an API fails to properly check user permissions, allowing attackers to access or manipulate data that they shouldn\u2019t have access to. For example, if a user can access another user\u2019s data by simply changing an ID in the API request, it indicates a BOLA vulnerability.<\/p>\n<p>2. Broken Function Level Authorization (BFLA)<\/p>\n<p>BFLA occurs when an API incorrectly assigns user permissions for accessing certain functions. Unlike BOLA, which deals with object-level access, BFLA is concerned with higher-level functionality. This vulnerability allows unauthorized users to perform restricted operations, potentially causing significant damage.<\/p>\n<h2>API References and Definitions<\/h2>\n<p>When developing and securing APIs, understanding the tools and standards used to define, document, and interact with them is crucial. 
However, leaving API documentation exposed is risky, as we will see in our case study.<\/p>\n<p>Here are some of the known specifications and tools that can be used to automatically generate API documentation:<\/p>\n<p>\u25cf Swagger<\/p>\n<p>Swagger is a framework for designing, building, and documenting RESTful APIs. It allows developers to define their APIs using a standardized format, making it easier to generate interactive API documentation and client libraries. Swagger&#8217;s user-friendly interface simplifies testing and interaction with APIs.<\/p>\n<p>\u25cf OpenAPI<\/p>\n<p>The OpenAPI Specification (OAS) is a standard for defining RESTful APIs. It provides a structured way to describe your API, including endpoints, request\/response formats, and authentication methods. OpenAPI builds on Swagger and has become the industry standard for API documentation, ensuring consistency and clarity across different APIs.<\/p>\n<p>\u25cf WSDL (Web Services Description Language)<\/p>\n<p>WSDL is an XML-based language used for describing web services, particularly SOAP-based services. It defines the operations that the service offers, the messages it accepts and returns, and the binding details needed for communication. Although more commonly associated with older SOAP services, WSDL remains relevant for certain enterprise environments.<\/p>\n<p>\u25cf ASP.NET Web API Help Page<\/p>\n<p>ASP.NET Web API Help Page is a built-in feature in ASP.NET that automatically generates help documentation for your API. It provides detailed information about your API endpoints, including parameter descriptions and sample responses, making it easier for developers to understand and use the API.<\/p>\n<p>\u25cf GraphQL Introspection<\/p>\n<p>GraphQL Introspection is a powerful feature that allows clients to query a GraphQL API for its schema. 
This means that developers can retrieve detailed information about available types, fields, and operations directly from the API, enabling dynamic querying and a better understanding of the API&#8217;s capabilities.<\/p>\n<h2>Exposed API Documentation is Risky<\/h2>\n<p>While API documentation is essential for developers, leaving it publicly accessible without proper controls can expose your system to significant risks, ranging from Information Disclosure to Unauthorized Access, Injections, and more.<\/p>\n<p>Case Study: Vulnerabilities Automatically Detected by ULTRA RED<\/p>\n<p>\u25cf CVE-2023-39375: This vulnerability is related to BOLA, where improper authorization checks allowed unauthenticated attackers to create a new user admin.<\/p>\n<p>\u25cf CVE-2023-39376: A BOLA vulnerability that allowed unauthenticated attackers to disable security measures applied by the application.<\/p>\n<p>\u25cf CVE-2024-41702: An SQL Injection vulnerability in an API login endpoint, where JSON object injection led to unsanitized values being passed to an SQL query.<\/p>\n<p>\u25cf Personally Identifiable Information (PII) Exposure: A BFLA vulnerability that allowed an attacker to access other users&#8217; resources, specifically employees of a large company, and expose highly sensitive PII, including Protected Health Information (PHI).<\/p>\n<figure class=\"w-richtext-align-center w-richtext-figure-type-image\">\n<div><img decoding=\"async\" src=\"https:\/\/cdn.prod.website-files.com\/637b663c358cda75e0db1706\/66e82e291c50c759990c3da2_66e69e90587c0f3e14066929_%25D7%2599%25D7%2595%25D7%25AA%25D7%259D1.png\" alt=\"\" \/><\/div>\n<\/figure>\n<p>\u25cf Vector Type &#8211; Server Side Request Forgery (SSRF)<\/p>\n<p>Summary: SSRF could be critical, especially when it is reflected. 
In our case, we could use SSRF to fetch cloud metadata and get initial access to the client\u2019s cloud environment.<\/p>\n<p>Detection: The system is programmed to automatically parse the API Definitions that we mentioned earlier and scan the endpoints for vulnerabilities. Unfortunately for the client, there was one API request that laid bare a critical vulnerability.<\/p>\n<p>The vulnerability allowed an attacker to send email messages to other users, originating from the API vendor\u2019s trusted mail server!<\/p>\n<p>We tested the parameter for SSRF, and got a successful callback.<\/p>\n<p>But there is more &#8211; the attacker could attach files to each email message by supplying a list of URLs.<\/p>\n<p>In the image below, we see that the request is sent to the \/api\/Email\/Send Email endpoint, which includes parameters such as Address, Emails, CCs, and BCCs. For this example, we&#8217;ve populated these fields with placeholder email addresses using a domain generated by Interactsh.<\/p>\n<p>We tried a few common and interesting endpoints for SSRF, such as the AWS metadata endpoint &#8211; we filled in the AWS metadata URL http:\/\/169.254.169.254\/latest\/meta-data as a file attachment:<\/p>\n<figure class=\"w-richtext-align-center w-richtext-figure-type-image\">\n<div><img decoding=\"async\" src=\"https:\/\/cdn.prod.website-files.com\/637b663c358cda75e0db1706\/66e82e8aa06c8a9b497555a6_66e69ec56329057d122f761e_%25D7%2599%25D7%2595%25D7%25AA%25D7%259D2.png\" alt=\"\" \/><\/div>\n<\/figure>\n<p>Ok, so the request has been successful because we got the \u2018isSuccess\u2019 parameter as true.<\/p>\n<p>I used Interactsh to check if the file is sent, but a temporary mail can also be used:<\/p>\n<figure class=\"w-richtext-align-center w-richtext-figure-type-image\">\n<div><img decoding=\"async\" src=\"https:\/\/cdn.prod.website-files.com\/637b663c358cda75e0db1706\/66e69f866d19a720b73071da_66e69ef18571dee6d3e005a5_%25D7%2599%25D7%2595%25D7%25AA%25D7%259D3.png\" 
alt=\"\" \/><\/div>\n<\/figure>\n<p>We can see we got the SMTP interaction. A second-order SSRF was found! In verbose mode we can see the base64 encoded content:<\/p>\n<figure class=\"w-richtext-align-center w-richtext-figure-type-image\">\n<div><img decoding=\"async\" src=\"https:\/\/cdn.prod.website-files.com\/637b663c358cda75e0db1706\/66e69f866d19a720b73071d2_66e69f25e8b694847b306f9e_%25D7%2599%25D7%2595%25D7%25AA%25D7%259D4.png\" alt=\"\" \/><\/div>\n<\/figure>\n<p>We can now take the encoded data, decode it and see that we could successfully access the instance metadata endpoint:<\/p>\n<figure class=\"w-richtext-align-center w-richtext-figure-type-image\">\n<div><img decoding=\"async\" src=\"https:\/\/cdn.prod.website-files.com\/637b663c358cda75e0db1706\/66e69f866d19a720b73071d6_66e69f4cd8dc89da9c14d5f0_%25D7%2599%25D7%2595%25D7%25AA%25D7%259D5.png\" alt=\"\" \/><\/div>\n<\/figure>\n<h2>Securing Your APIs<\/h2>\n<p>To mitigate these vulnerabilities, here are some best practices:<\/p>\n<p>\u25cf Implement strong authentication and authorization mechanisms.<\/p>\n<p>\u25cf Follow the principle of least privilege to restrict access.<\/p>\n<p>\u25cf Validate and sanitize all inputs to prevent injection attacks.<\/p>\n<p>\u25cf Use rate limiting and monitoring to detect unusual activity.<\/p>\n<p>\u25cf Regularly update and patch APIs to address known vulnerabilities.<\/p>\n<p>\u25cf Introduce scanning tools (such as ULTRA RED) to automatically detect known and unknown vulnerabilities.<\/p>\n<h2>Conclusion<\/h2>\n<p>As APIs continue to expand, securing them becomes paramount. 
By understanding the common OWASP API Top 10 vulnerabilities and implementing robust security measures, organizations can protect their digital assets and ensure that their APIs remain secure.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Introduction In today\u2019s interconnected world, APIs (Application Programming Interfaces) have become the backbone of digital communication, enabling different software systems to interact with one another. From mobile applications to cloud services, APIs facilitate the exchange of data and services seamlessly. However, as APIs grow in importance, so do the risks associated with them. The increasing&#8230;<\/p>\n","protected":false},"author":2,"featured_media":989984,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[113],"tags":[],"topic":[],"class_list":["post-990020","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ultrared-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Strengthening API Security: Addressing Vulnerabilities and Emerging Threats - Deliver Intelligence - Dibiz JSC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Strengthening API Security: Addressing Vulnerabilities and Emerging Threats - Deliver Intelligence - Dibiz JSC\" \/>\n<meta property=\"og:description\" content=\"Introduction In today\u2019s interconnected world, APIs (Application Programming 
Interfaces) have become the backbone of digital communication, enabling different software systems to interact with one another. From mobile applications to cloud services, APIs facilitate the exchange of data and services seamlessly. However, as APIs grow in importance, so do the risks associated with them. The increasing...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/\" \/>\n<meta property=\"og:site_name\" content=\"Deliver Intelligence - Dibiz JSC\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-09T09:03:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-19T17:05:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/dibiz.vn\/wp-content\/uploads\/2024\/10\/66e82ce08fa402bce2c62dc5_API-WEB.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Hi\u1ec1n Nguy\u1ec5n \u0110\u1ee9c\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hi\u1ec1n Nguy\u1ec5n \u0110\u1ee9c\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/\"},\"author\":{\"name\":\"Hi\u1ec1n Nguy\u1ec5n \u0110\u1ee9c\",\"@id\":\"https:\/\/dibiz.vn\/en\/#\/schema\/person\/0600f539506bef59e33dbd3b9864e715\"},\"headline\":\"Strengthening API Security: Addressing Vulnerabilities and Emerging Threats\",\"datePublished\":\"2024-10-09T09:03:12+00:00\",\"dateModified\":\"2025-06-19T17:05:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/\"},\"wordCount\":1237,\"publisher\":{\"@id\":\"https:\/\/dibiz.vn\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/dibiz.vn\/wp-content\/uploads\/2024\/10\/66e82ce08fa402bce2c62dc5_API-WEB.png\",\"articleSection\":[\"Ultrared\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/\",\"url\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/\",\"name\":\"Strengthening API Security: Addressing Vulnerabilities and Emerging Threats - Deliver Intelligence - Dibiz 
JSC\",\"isPartOf\":{\"@id\":\"https:\/\/dibiz.vn\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/dibiz.vn\/wp-content\/uploads\/2024\/10\/66e82ce08fa402bce2c62dc5_API-WEB.png\",\"datePublished\":\"2024-10-09T09:03:12+00:00\",\"dateModified\":\"2025-06-19T17:05:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/#primaryimage\",\"url\":\"https:\/\/dibiz.vn\/wp-content\/uploads\/2024\/10\/66e82ce08fa402bce2c62dc5_API-WEB.png\",\"contentUrl\":\"https:\/\/dibiz.vn\/wp-content\/uploads\/2024\/10\/66e82ce08fa402bce2c62dc5_API-WEB.png\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dibiz.vn\/en\/strengthening-api-security-addressing-vulnerabilities-and-emerging-threats\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dibiz.vn\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ultrared\",\"item\":\"https:\/\/dibiz.vn\/en\/category\/ultrared-en\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Strengthening API Security: Addressing Vulnerabilities and Emerging Threats\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dibiz.vn\/en\/#website\",\"url\":\"https:\/\/dibiz.vn\/en\/\",\"name\":\"Deliver Intelligence - Dibiz 
JSC\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/dibiz.vn\/en\/#organization\"},\"alternateName\":\"Dibiz JSC\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dibiz.vn\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/dibiz.vn\/en\/#organization\",\"name\":\"Deliver Intelligence - Dibiz JSC\",\"url\":\"https:\/\/dibiz.vn\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dibiz.vn\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/dibiz.vn\/wp-content\/uploads\/2023\/03\/3.png\",\"contentUrl\":\"https:\/\/dibiz.vn\/wp-content\/uploads\/2023\/03\/3.png\",\"width\":650,\"height\":300,\"caption\":\"Deliver Intelligence - Dibiz JSC\"},\"image\":{\"@id\":\"https:\/\/dibiz.vn\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/dibiz.vn\/en\/#\/schema\/person\/0600f539506bef59e33dbd3b9864e715\",\"name\":\"Hi\u1ec1n Nguy\u1ec5n \u0110\u1ee9c\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dibiz.vn\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7dc66b59857c9aadb1b19e83e357594316cc1bd27b18f3b0ac69d27c800502a8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7dc66b59857c9aadb1b19e83e357594316cc1bd27b18f3b0ac69d27c800502a8?s=96&d=mm&r=g\",\"caption\":\"Hi\u1ec1n Nguy\u1ec5n \u0110\u1ee9c\"},\"url\":\"https:\/\/dibiz.vn\/en\/author\/hiennd\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}