APIs are the backbone of modern web applications, yet we rarely assess security beyond the traditional WAFs and Gateways. In fact, in a recent scan of over 1.5k GraphQL endpoints revealed a staggering 46,000+ security issues and sensitive data leaks—all accessible without authentication, with 10% classified as critical. Due to API’s being widely used by developers, they have now become a favored attack vector for threat actors.

GitGuardian Honeytokens can help you stay safe as you tackle secrets sprawl at scale. Deploying GitGuardian honeytokens into all of your repositories will give you an immediate warning system, letting you know when someone scans your repos or if they they get leaked onto the public internet. Dealing with a large number of incidents is already challenging enough, Use GitGuardian honeytokens to buy some peace of mind while you work to eliminate secrets sprawl.

SCA or Software Composition Analysis is an important security tool that helps you understand how your application is made up. Our software is built from open-source components and these components can have vulnerabilities or simply be malicious. SCA scans our applications to identify these components and lets us know if there are vulnerabilities or issues within it. In this short video we explain what SCA tools are and how they work as well as there role in application and cyber security.

In this Tech Tip Tuesday video we share how to securely store secrets like API keys or other credentials environment variables. To do this we use the python dotenv project to store secrets in a.env file and load them into local memory. Subscribe for more tech tips, on Tuesdays and other days.

Attackers are always after your source code! Source code is very leaky and often contains sensitive information like secrets (APi keys or credentials).

Discover the Power of DAST in Cybersecurity | Dynamic Application Security Testing Explained In the digital age, cyber threats are a constant concern. Protecting your organization's data and systems is paramount, and that's where DAST (Dynamic Application Security Testing) comes into play!