Salt Security recently released new API vulnerability research that details a Server-Side Request Forgery (SSRF) flaw discovered on a US-based FinTech company’s digital platform. In this video, Salt Security takes a deep dive into what SSRF is, what the risks are, and how its solution prevents it.
“This bug SSRF, as well as any other bug, always starts with a human error. So there is someone who is coding your software and he made an error somewhere. And quite usually, he's not aware that he made that error because it's a very slight error, but in the wrong hands. So it could become very dangerous and critical,” says Yaniv Balmas, VP of Research at Salt Security, on this episode of TFiR Insights.
Key highlights from this video interview are:
Balmas explains what SSRF is and why it can lead to dangerous situations.
Most organizations do not know these vulnerabilities are there. Balmas gives two key recommendations for protections organizations can put in place to mitigate these risks.
Balmas explains why education on common vulnerability types, and on how to identify and prevent them, is so critical for software engineers.
Balmas details the steps organizations can take to remediate any gaps in protection from vulnerabilities such as SSRF flaws.
There are a number of challenges and risks financial institutions are facing when moving to the cloud and managing APIs in these challenging cloud environments. Balmas discusses how these changing landscapes are affecting FinTech.
Salt Security’s SaaS solution aims to study API traffic in a smart way. Balmas explains how their solution integrates into any environment or service easily and how it uses behavioural features to identify anomalies and alert users.