How attackers exploit e-commerce API vulnerabilities
Are you managing the security team of an online e-commerce business?
We have selected 3 API security issues that caused data breaches in the e-commerce and online retail industry in the last 2 years:
Theft of reward credits through SQL injection in a REST API
Application-level DoS attack exploiting a logic bomb in a Lucene search engine on Black Friday
Mass account takeover of users by exploiting a stored XSS vulnerability
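The first scenario in the list, shown as an added example that is not part of the original article or any of the breached shops' code: a hypothetical reward-credit lookup endpoint that interpolates a query-string value into SQL, next to the hardened version (validation plus a bound parameter) and a gateway-side check that flags the tampered request for alerting. The table, column names and balances are constructed for the demo.

```python
import sqlite3


def make_demo_db():
    """Constructed sample data: an in-memory loyalty-credits table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reward_credits (user_id INTEGER PRIMARY KEY, credits INTEGER)")
    db.executemany("INSERT INTO reward_credits VALUES (?, ?)", [(1, 120), (2, 45), (3, 990)])
    return db


def credits_vulnerable(db, user_id: str):
    """Hypothetical handler for GET /api/v1/rewards?user_id=<value>.
    The raw query-string value is concatenated into the SQL text, which is
    the defect class behind the reward-credit theft scenario."""
    sql = f"SELECT user_id, credits FROM reward_credits WHERE user_id = {user_id}"
    return db.execute(sql).fetchall()


def credits_hardened(db, user_id: str):
    """Same endpoint, fixed: reject anything that is not a plain integer,
    then bind the value so it can never alter the query structure."""
    if not user_id.isdigit():
        raise ValueError("user_id must be a positive integer")
    sql = "SELECT user_id, credits FROM reward_credits WHERE user_id = ?"
    return db.execute(sql, (int(user_id),)).fetchall()


def hardened_rejects(db, user_id: str) -> bool:
    """True when the hardened handler refuses the input (useful for tests and logs)."""
    try:
        credits_hardened(db, user_id)
        return False
    except ValueError:
        return True


def is_suspicious_user_id(user_id: str) -> bool:
    """Cheap API-gateway style check for detection: a numeric identifier
    should never carry spaces, quotes or SQL keywords."""
    return not user_id.isdigit()


if __name__ == "__main__":
    db = make_demo_db()
    tampered = "2 OR 1=1"                      # constructed tampered parameter
    print(credits_vulnerable(db, "2"))        # only user 2's balance
    print(credits_vulnerable(db, tampered))   # every customer's balance leaks
    print(is_suspicious_user_id(tampered))    # True: raise an alert
    print(hardened_rejects(db, tampered))     # True: request refused
```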
According to Gartner's research, 83% of all the traffic on the Internet is API calls. The e-commerce industry was an early adopter of the SPA (single-page application) and API approach to deliver a better buyer experience and to automate the supply chain. Unfortunately, because of business urgency and deployment speed, API security is often left behind.