If you want to visualize how data flows across your connected applications, you can think back to that childhood game of Chutes and Ladders (also called Snakes and Ladders). As a kid, the board felt like a confusing grid that had the weirdest, seemingly arbitrary connections between blocks. In your modern digital environment, your Application Programming Interfaces (APIs) fulfill the same role that the ladders and chutes/snakes fulfilled, connecting disparate blocks across a larger whole.

Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

A little over 5 months ago, we launched our free and open code security product Bearer CLI to help teams identify both security and privacy risks in the earliest stages of the software development process. Please join us in celebrations, as today we are very excited to have achieved a key milestone in our journey - 100,000 code security scans!

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

When people talk about complex, interconnected ecosystems, they’re really talking about how applications share data and communicate with each other. Like the air-lock on a spaceship lets people pass between physical environments, Application Programming Interfaces (APIs) enable data to pass between digital environments. However, since APIs act as access points between applications, they create potential security risks.

This is the third installment in the National Cybersecurity Strategy series. To read the other two blogs, click here for part 1 and here for part 2. As I was drafting the third installment on the National Cybersecurity Strategy, the National Cybersecurity Strategy Implementation Plan was published. This follow-on document provides greater specificity on detailed actions to be taken. As such, moving forward, the two should be viewed together and assessed as a pair.

Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.