API

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Sep 23, 2023 By Wallarm In Wallarm

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

Sep 22, 2023 By Michael Haag In Splunk

On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like mockbin.org and mocky.io.

Read Post

Splunk

Read more about Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

Noname Security and Intel Trust Authority: Building Trust Through Confidential Computing

Sep 22, 2023 By David Thomason In Noname Security

Intel’s Trust Authority is a new service that provides remote verification of the trustworthiness of a compute asset, based on attestation (cryptographic verification) and policy (a legitimate workload). This is a significant development for confidential computing, as it provides a way for organizations to independently verify the security of their workloads. Noname Security is excited to be a partner in the Intel Trust Authority program.

Read Post

Noname Security

Read more about Noname Security and Intel Trust Authority: Building Trust Through Confidential Computing

How to Secure a REST API

Sep 22, 2023 By Jeff Darrington In Graylog

Sitting at your desk, coding away with another cup of your favorite caffeine-infused beverage, you might be thinking to yourself, “it’s true what they say about no rest for the weary.” If you’re developing an app or architecting a cloud-native system, you can actually get the REST you need with the right Application Programming Interface (API). REST APIs provide a scalable, flexible, easy-to-use interface that makes developing and connecting web apps easier.

Read Post

Graylog

Read more about How to Secure a REST API

Awards Season Never Stops at Salt!

Sep 21, 2023 By Michelle McLean In Salt Security

We’re entering a new season of fall, but here at Salt, it seems like it’s always awards season! We continue to receive accolades for the Salt Security API Protection Platform – all year round! This time we have been honored with the “Best API Security” award in the 2023 API Awards.

Read Post

Salt Security

Read more about Awards Season Never Stops at Salt!

Wallarm AI Engine: How It Works

Sep 21, 2023 By Wallarm

The main task of the run-time application security is to protect modern applications and APIs. In this endeavor the solutions face a number of challenges: Download this whitepaper to learn how Wallarm solves the difficult task of effective application security by relying on AI and machine learning including a unique combination of hierarchical clusterization, statistical n-gram based models, recurrent neural networks and reinforcement learning.

Get White Paper

Wallarm

Read more about Wallarm AI Engine: How It Works

Evolution of Real Time Attack Detection

Sep 21, 2023 By Wallarm

Attack detection is critical for most security solutions, whether we are talking about a load balancer-based (NIDS, WAF), host-based or in-application solutions (HIDS, RASP). Interestingly, regardless of the differences in architecture and data flow, most solutions use similar detection principles and techniques. We will explore how the detection architecture evolved over time and how the new generation of detection logic, such as the architecture implemented by Wallarm, is principally different from that of the legacy solutions.

Get White Paper

Wallarm

Read more about Evolution of Real Time Attack Detection

Finding API Flaws Before Production

Sep 20, 2023 By Harold Bell In Noname Security

API flaws can cause several problems that can have negative consequences in production. These issues can range from security vulnerabilities, poor performance, and functionality errors. But most importantly, API flaws can lead to data breaches, system downtime, and damage to your company’s reputation. Therefore, it’s essential to thoroughly test and monitor APIs to detect and fix any flaws before they cause significant harm.

Read Post

Noname Security

Read more about Finding API Flaws Before Production

How Do API Key Codes and Fragments Work? Explained in Detail

Sep 19, 2023 By SecuritySenses In SecuritySenses

In the realm of web development and software integration, APIs (Application Programming Interfaces) play a crucial role in facilitating communication between different systems and applications. To ensure secure and controlled access to APIs, many providers require the use of API key codes and fragments. In this blog post, we will explore how do API key codes and fragments, exploring their purpose, functionality, and best practices for implementation.

Read Post

SecuritySenses

Read more about How Do API Key Codes and Fragments Work? Explained in Detail

Strengthening our CrowdStrike Bond with Falcon Integration

Sep 19, 2023 By Gilad Barzilay In Salt Security

It’s been just about a year since we first announced our partnership with CrowdStrike. We are delighted to share today that we’ve further strengthened that partnership with the new “better-together” story of Salt and the CrowdStrike Falcon® platform.

Read Post