Are APIs as Secure as They’re Cracked Up to Be?

American Banker, July 15, 2021–Peggy Crosman (subscription)
A report published this week challenges that notion. Researchers at Salt Labs, a unit of Salt Security in Palo Alto, California, analyzed the online platform of a large financial institution that provides API services to partner banks and financial advisors. They discovered multiple API vulnerabilities that they exploited to view customers’ financial records, delete customer accounts, perform account takeovers and conduct denial-of-service attacks.