Delinea Secret Server customers should apply latest patches
Updated Attackers could nab an org's most sensitive keys if left unaddressed
Patches
15 Apr 2024 | 3
Not technically correct
"RESTful APIs are commonly publicly accessible, creating a mechanism for hackers to easily gain control over production servers and obtain sensitive user data."
Well, the whole idea of web services is to make them accessible via the web - you can secure them for internal use only if you want, but otherwise, yes they are as accessible as any other web server HTTP services, because that's how they work. How you secure them (or don't) is your responsibility. It is really going too far to say they allow hackers to easily gain control over production servers, unless whoever set it up was a total dimwit.
However, the convenience and simplicity of REST services has led to their popularity, so enough dimwits are inevitable statistically. Securing this stuff properly isn't for amateurs and the inexperienced. It needs both the sysadmins and devs to have a well planned way to do so. Still, REST has gained supremacy by its' very ease of use nature, and therein lies the trap for the unwary, as always.
However, as one of the few remaining fans of the SOAP web service model, this looks like chickens coming home to roost. SOAP has an extensive inbuilt security model (optional of course - but not if you're sane), but never gained general favour because it was "too difficult and complex" and REST was "easy". And so difficult but complete security got discarded for a quick and dirty cludge, yet again, with the same old predictable results.
Biting the hand that feeds IT
