API

Event: Bridging the data security and privacy gap

Security and privacy are inherently linked, yet decisions about each are often made in silos. It can be a challenge for teams of all sizes, with varied specialities, to connect the two domains. With that in mind, we’re pleased to announce our first live panel event: How do you bridge the gap between data security and privacy?

APIDays: Data Privacy in the age of cloud-native applications

APIDays is a world series of conferences about—you guessed it—APIs. It made a lot of sense for us to attend it in past years, since we started Bearer as an API monitoring platform. As we pivoted to a data security product a year ago, we wondered if we still had something to contribute. That was until we learned that APIDays would host the Privacy Engineer Conference.

Review API Scanning Prescan Results

In this video, you will learn how to review Dynamic Analysis prescan scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

Review API Scanning Results

In this video, you will learn how to review Dynamic Analysis scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

The top 3 data security problems plaguing tech companies

Tech companies building cloud-native applications face a set of unique and rising data protection challenges. At Bearer, we had the chance to speak with 100+ data security and privacy professionals including Chief Information Security Officers, Directors of Security Engineering, Application Security Engineers, Data Protection Officers, Privacy Engineers, and many more. Here are the top concerns that keep them up at night.

The Good, the Bad, and The Ugly: Understanding the API Security Top 10 List

The Open Web Application Security Project (OWASP) is a nonprofit organization with the purpose to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021, lists the most critical web application security risks. But OWASP also maintains the API Security Top 10 project which was last updated in 2019. Each category is ranked based on the frequency and severity of the defect.

Pivoting to data security

End of summer 2020: Bearer takes the decision to pivot. We have been building an API monitoring & debugging solution for engineering and DevOps teams. We have a stable product and dozens of users onboard. Even so, after months of iterations product adoption is still low and our positioning with all-in-one monitoring solutions is disadvantageous. Product-Market-Fit (PMF) is definitely not in the line of sight.

Bearer and Trace announce industry partnership

Bearer has partnered with Trace to help companies leverage the best of services and software and build a connected compliance program. Bearer is innovating data risk assessments to build intelligence and stack visibility at scale, while the Trace team brings decades of client-led professional services experience in privacy and data security. Together, the two companies bring the best blend of human and tech capabilities to shape the future of compliance.

Why authorization and authentication are important to API security - and why they're not enough

The number of machine identities for which organizations are responsible has “exploded” in recent years, according to Security Boulevard. These machine identities include devices and workloads. But they also include application programming interfaces (APIs). Organizations use APIs to connect the data and functionality of their applications to those managed by third-party developers, business partners, and other entities, per IBM.