Aside from disrupting servers through a deluge of requests to "debug/pprof/heap" and other endpoints, attackers could also exploit Prometheus' "metrics" endpoint to obtain information from internal API endpoints, Docker registries, subdomains, and images that could be leveraged for reconnaissance efforts.
This week, in the enterprise security news:
the latest cybersecurity fundings
Cyera acquires Trail Security
Sophos acquires Secureworks
new companies and products
more coverage on Cyberstarts’ sunrise program
AI can control your PC
public cybersecurity companies are going private
Splunk and Palo Alto beef
All that and more, on this episode of ...
APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their widespread use has made them prime targets for attackers, especially those deploying sophisticated bots. When these bots exploit business logic, they can cause considerable financial and reputational...
F5’s solution addresses these risks by offering comprehensive, end-to-end API security that covers the entire lifecycle—from code development through production.
