Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How to integrate third-party APIs in Drupal

Jan 27, 2026 By miniOrange In miniOrange
Learn how to create and manage Custom REST API endpoints in Drupal using the Custom API module. This step-by-step tutorial shows how to build APIs without writing complex backend code, using Drupal’s core REST and routing system. Comprehensive Documentation: Don't forget to subscribe to our channel and click on the bell icon to get notifications about new uploads.
View Video

Business Logic Abuse: The Attack You Can't Patch #businesslogic #apisecurity #cybersecurity

Jan 27, 2026 By Wallarm In Wallarm
The attack that no patch can fix Scenario:"Give me one million pizzas" API responds: "OK, one million pizzas at $0.01 each" Attacker: "Thanks!" What happened? API works exactly as designed Syntax is correct Protocol is followed WAF sees nothing wrong BUT the business logic intended: "Max 100 pizzas per order, at normal pricing".
View Video
salt security

From the Data Lake to the Edge: Why Universal Visibility is the Future of API Security

Jan 22, 2026 By Eric Schwake In Salt Security
If you look at an enterprise architecture diagram from five years ago, it looks relatively tidy. You had a data center, maybe a cloud provider, and a few gateways. Today, that diagram looks like a constellation. Data is living in AI platforms like Databricks. Frontend applications are pushed to the edge on Netlify. Logic is scattered across microservices, serverless functions, and legacy IIS servers. For security teams, this fragmentation creates a massive headache: Blind Spots.
Read Post

Your API Is the New Titanic (Iceberg Already Here) #apisecurity #cybersecurity #riskmanagement #api

Jan 22, 2026 By Wallarm In Wallarm
The Titanic didn't hit the iceberg by accident. Organizations hit the API security iceberg for the same reason: they didn't see it coming. Your API iceberg consists of: Public APIs — for customers (SaaS, partners, third-parties) Private APIs — internal infrastructure (larger companies = larger insider threat surface) Partner APIs — for ecosystem integration AI APIs — the new frontier (and the most dangerous)
View Video

$170k Gone in One Day - API Paid Out Money Itself #apisecurity #cybersecurity #fraud #api #ai

Jan 20, 2026 By Wallarm In Wallarm
This isn't a data leak. This is direct financial loss. The case: Flex Pay (payment processor in India) The vulnerability: An API flaw allowed unauthorized payouts The impact: $170,000 vanished in a single day Why this matters: Most CISOs focus on data breaches. But some APIs control MONEY. If that API is vulnerable, the attacker doesn't steal data—they drain your accounts. Attackers aren't always after data. Sometimes they're after money. And financial APIs are often the most neglected from a security perspective.
View Video
astra

10 Best API Pentesting Tools in 2026 [Expert Opinion]

Jan 16, 2026 By Jinson Varghese In Astra
Security testing often becomes fragmented as systems scale and APIs multiply across platforms. Different teams use different tools, leading to inconsistent vulnerability identification and patching, which creates gaps in security and leaves organizations vulnerable to increasingly sophisticated API attacks.
Read Post
astra

How to Build an Enterprise API Security Strategy (Beyond Gateways and Checklists)

Jan 15, 2026 By Rishabh Goyal In Astra
In the last few years, many of the largest data exposures haven’t come from broken pages or leaked databases. They’ve come from APIs. Public reports around large-scale scraping incidents at companies like Meta and LinkedIn showed how exposed APIs, not traditional web flaws, were used to pull massive volumes of user data at scale. This isn’t an edge case anymore. APIs now sit at the center of how enterprises move data between applications, partners, and customers.
Read Post
astra

Do We Have Full API Visibility Across Our Entire API Ecosystem?

Jan 15, 2026 By Jinson Varghese In Astra
Over 68% of companies have suffered API security breaches at a cost exceeding $1M. The question is not whether your APIs are vulnerable, but whether you can detect the threats in time. With API traffic comprising 71% of all web activity, the digital backbone of the modern enterprise is both our greatest strength and most exploited threat surface. Are we seeing every single API? These statistics reveal a concerning reality for most organizations.
Read Post

What We Got Right (and Wrong) about 2025

Jan 14, 2026 By Wallarm In Wallarm
Watch now for a clear and candid look back at the predictions made for 2025 by Wallarm and by other voices across the industry. During the session, we revisit what people expected to happen in cybersecurity, API security, and the broader technology space, and compare those expectations with what actually unfolded throughout the year.
View Video

How Agentic AI Creates Shadow APIs: Security Risks Explained

Jan 14, 2026 By A10 Networks In A10 Networks
How Agentic AI Creates Shadow APIs: Security Risks Explained As businesses move from static applications to Agentic AI, the security landscape is shifting beneath our feet. In this clip from the A10 Networks webinar, "APIs are the Language of AI: Protecting Them is Critical," experts Jamison Utter and Carlo Alpuerto discuss a new frontier in cybersecurity: AI that builds its own APIs.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.