Salt Security discovered a major API vulnerability in a widely used US fintech platform. The identity of the platform is not disclosed. Security researchers gained unauthorised access that could have allowed them to steal financial and transactional data.

The vulnerability is categorized as Server-Side Request Forgery (SSRF). Salt Security accessed the bank details and financial transactions of an undisclosed, major US fintech platform.

The SSRF vulnerability was present in many of the platform’s systems. As a result, it affected the account and transaction data of all connected US banks. Naturally, the fintech platform has been notified.

API security

API vulnerabilities are on the rise. According to a recent report, 95 percent of companies surveyed dealt with an API security incident in the past 12 months. In the same period, malicious API traffic increased by a staggering 681 percent.

Banking apps are a favourite

Salt Security notes that modern banking apps are of particular interest to attackers. Many companies invest little in advanced API security. Traditionally, organizations use web application firewalls (WAFs) and API gateways to secure API traffic. That’s a problem. WAFs and gateways are unable to monitor poor configurations, which is where threats can arise.
