Using an Internet browser to access a cloud-based service creates the risk of insecure implementation of API. API stands for Application Programming Interface, a set of rules and protocols that allows different applications or services to communicate and exchange data. APIs are often used to access cloud-based services, such as software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS). However, if an API is not implemented securely, it can expose sensitive data or allow unauthorized access to the cloud service. For example, an API may not use encryption, authentication, or authorization mechanisms to protect the data in transit or at rest. An API may also have vulnerabilities such as injection, broken authentication, or insufficient logging and monitoring, which attackers can exploit to compromise the cloud service or the user's browser. Therefore, it is important to follow the best practices and standards for secure API development and testing, such as the OWASP API Security Top 10.

References:
1: Implementing and Operating Cisco Security Core Technologies (SCOR) - Cisco
2: 350-701 SCOR - Cisco
3: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0
4: 12 Cloud Security Issues: Risks, Threats & Challenges - CrowdStrike
5: 12 Risks, Threats, & Vulnerabilities in Moving to the Cloud - SEI Blog
6: Remote Browser Isolation Protects Users from Threats - Cisco Umbrella
7: Which risk is created when using an Internet browser to access cloud-based service?
8: Browser in the Cloud: The Evolution of Secure Browsing - Leostream
9: OWASP API Security Top 10 2023
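
To make the explanation above concrete, the following added example (not part of the original answer or of any Cisco or OWASP material) puts a handler that omits the three named controls next to one that applies them: encryption in transit, authentication, and per-object authorization. The signing key, user names, record store and function names are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data: the key, users and records are assumptions.
SECRET = b"demo-signing-key"
RECORDS = {
    "inv-1": {"owner": "alice", "total": 120},
    "inv-2": {"owner": "bob", "total": 75},
}


def sign(user: str) -> str:
    """Issue a token of the form 'user.<hex HMAC-SHA256 of user>'."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def authenticate(token: str):
    """Return the user name if the token's MAC verifies, else None."""
    user, _, mac = token.partition(".")
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user if user and ok else None


def insecure_get(scheme: str, token: str, record_id: str):
    """Weak handler: ignores transport, caller identity and ownership."""
    record = RECORDS.get(record_id)
    return (200, record) if record else (404, None)


def secure_get(scheme: str, token: str, record_id: str):
    """Hardened handler applying the three controls named in the text."""
    if scheme != "https":              # encryption in transit
        return (400, None)
    user = authenticate(token)         # authentication
    if user is None:
        return (401, None)
    record = RECORDS.get(record_id)
    # Authorization per object: the caller must own the record.
    # "Missing" and "not yours" get the same answer so ids cannot be probed.
    if record is None or record["owner"] != user:
        return (404, None)
    return (200, record)
```

The weak handler returns any record to any caller over any transport, while the hardened one rejects plaintext requests, forged tokens, and reads of another user's record.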