The application security testing world is made up of various different solutions, all with one ultimate aim – to protect software from hackers and attacks.
James McQuiggan, Security Awareness Advocate, KnowBe4
“These API vulnerabilities discovered by security researchers help the organization’s community create a secure environment, but the concern is whether criminal hackers had discovered it previously and were using brute force or credential stuffing to gain access. While accessing the platform can be unfortunate, the criminal hackers are looking to see which accounts provide access and then use that information for spear phishing email scams against the users or leverage the accounts against other websites.
It’s important for organizations to consider the next step in user authentication and implement multi-factor authentication (MFA). There is the risk and cost of a data breach versus the cost of a user management access system with MFA to protect the user accounts and authentication. Not using an MFA solution can expose your users’ information unnecessarily and cause damage to the reputation of the organization if there is a data breach.”