Salt Security, the leading API security company, today released new API threat research from Salt Labs that highlights a GraphQL API authorization vulnerability in a B2B financial technology (FinTech) platform. The findings, which were identified by researching the mobile applications and SaaS platform of this FinTech provider, call attention to authorization-level flaws that can arise with nested queries in GraphQL, an open-source query language used to build APIs. Salt Labs found that the failure to implement authorization checks correctly meant the researchers could submit unauthorized transactions against any customer account and harvest any customer’s sensitive data.

Read More