PHP remains one of the most popular and sought-after technologies for web development. As W3Techs shows, PHP code is running on 76.8% of all websites around the globe. We are very excited to announce that the latest version of Bearer now supports PHP in Beta, with more than 50 rules already available, providing good coverage of security risks and vulnerabilities. PHP support in this release places a strong focus on the popular Symfony framework.
Application Programming Interfaces (APIs) have profoundly transformed the internet's fabric. In the pre-API era, digital interactions were limited by siloed systems functioning in isolation. APIs dismantled these barriers by introducing a universal language that diverse applications could comprehend. This linguistic bridge facilitated an unprecedented level of interconnectivity between software entities.
Manufacturing is an industry in flux. The sector has been acutely affected by inflation, supply chain challenges and labor shortages in recent years, while also grappling with rapid developments in technology. It is no stretch to state that a manufacturer’s ability to leverage technology is a key determinant of its success or failure – now and into the future.
In an age characterized by digital transformation, APIs serve as the backbone of modern applications, enabling diverse systems to communicate and share data seamlessly. This widespread API adoption, however, exposes organizations to a considerable attack surface, inviting the attention of cyber adversaries searching for vulnerabilities to exploit.
Over 18 months ago, a small group of us started a program to support the US federal government and the broader public sector with robust API security. Recognizing the major shifts in government cyber security, we focused on Zero Trust early. We wrote about it, talked about it, and evangelized on the importance of including API security in a ZT architecture. An early achievement was a detailed mapping of API security to the pillars of ZT over a year ago.
Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude this series, it's time to summarize and offer some practical guidance for security practitioners looking to bolster API security in their organizations.