Threat Landscape API: Escape opens a database of digital threats

[Carding Forum]

The Threat Landscape: Escape API opens up the landscape of digital threats.

Escape, an API security company, has released a free database of API-related security incidents. This new tool, the Threat Landscape API, is a carefully selected public database that contains information about publicly disclosed security incidents related to the API. The database contains information about threats, attack vectors, types of secret key leaks, as well as classification by OWASP Top 10 and CVE.

Key features of the Threat Landscape API:

1. Incident information: The database includes incidents where the API was used as the main attack vector. It does not cover cases of API vulnerabilities that did not lead to data leaks.
2. Participants in the attacks: The database specifies the participants of attacks and the main attack vectors.
3. Key leaks: Specify the types of leaked secret keys, if any.
4. Classification: Incidents are classified according to the OWASP Top 10 and assigned CVE.

The Threat Landscape API helps you understand the following aspects:

• API security threats: Any malicious activity that leads to the leakage of confidential data through the API.
• Incident types: Only cases where the API was the main attack vector are included. Studies of vulnerabilities that did not lead to leaks are not included.

Recent examples of incidents include a data leak via the MOVEit API that affected more than 2,620 organizations. Escape plans to expand the database by adding more detailed security studies and incidents from various industries, which will allow companies to better protect their systems and data.

These Escape initiatives are designed to raise awareness of API security risks and help organizations effectively protect their data.

Source