Application Programming Interfaces (APIs) are the backbone of modern software development, enabling seamless communication between various systems and services. As organizations increasingly rely on APIs to power their applications and services, the need for robust API management and monitoring solutions becomes paramount. Capturing API calls and gaining insights into their behavior can significantly enhance the development, troubleshooting, and security of APIs.

APIs are often adopted by businesses as a way to automate certain operational tasks. This not only helps to introduce efficiencies, it also reduces the chance of human error in repetitive, manual actions. But the relationship between APIs and automation doesn’t end there. To streamline the API management process, developers have started automating a variety of tasks in the API lifecycle, from development to production.

Today, the speed and quality of software delivery are more critical to business success than ever. This highlights the importance of integrating security within the development lifecycle to maintain high velocity. In the ongoing race to extract business value from software and technology, the agility and efficiency of development teams are vital. Static Application Security Testing (SAST) plays a key role in this context, providing a vital tool for secure development.

In the ever-evolving landscape of cybersecurity, where the battle between defenders and hackers continues to escalate, it is crucial to scrutinize every aspect of web interactions. While the HTTP status code 200 OK is generally associated with successful API calls, there’s a dark side to its seemingly harmless appearance that often goes unnoticed.

Credential Stuffing, a vital yet often overlooked aspect of cybersecurity, needs to be addressed with urgency. An alarmingly large segment of the population engages in the risky habit of using the same password for various accounts. This behavior parallels the risk of using a universal key for various locks in your life, such as those for your home, car, or even hotel rooms during vacations.

In our Annual API ThreatStats report, we highlighted the increasing threat of API Leaks. An API Leak is the disclosure of sensitive API information, such as a token, credential, or private schema. These leaks can occur directly via the API itself, but also via third party tools used to manage source code, such as Github or Postman. API Leaks came in at number 4 in our dynamic top 10 list of API Security issues.

Graylog API Security v3.6 is here! Just taking the version number by itself, v3.6 sounds like an incremental step forward. But the truth is that v3.6 isn’t just a release milestone; it’s a huge inflection point in our mission to improve API security. There are multiple “firsts” in v3.6, which makes the total combination even more exciting.