API

API Abuse - Lessons from the Duolingo Data Scraping Attack

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those vulnerabilities, this incident provides a good reminder that not all vulnerabilities are flaws in code. In fact, this API was working as designed.

Understanding API Attacks: Why they are different and how to stop them

API attacks aren’t like traditional application attacks. Understanding those differences is crucial to protecting the valuable data and services your APIs enable. Nick Rago, Salt Security Field CTO, discusses these differences in this webinar. We hope you enjoy the webinar on the changing nature of API attacks and learn the best practices to keep your organization safe.

In the Alleys of Black Hat and DEF CON 2023: The Quiet API Security Crisis

The neon lights of Black Hat and DEF CON, with their flashing demos and groundbreaking presentations, often dazzle attendees and cyber enthusiasts alike. From AI-driven hacking tools to quantum encryption, the subjects covered span a vast spectrum. However, as with any vibrant city, these include areas of risk and concern. For Black Hat 2023 events, APIs are core to these areas.

Why No Business in 2023 Can Grow without APIs

Businesses of all sizes are increasingly relying on APIs to connect with their customers, partners, and other systems. APIs, or application programming interfaces, are the building blocks of the modern web, and they allow businesses to share data and functionality in a secure and efficient way. Without APIs, businesses are limited in their ability to innovate and grow. They lack the ability to integrate with other systems, create new products and services, or reach new markets.

What does a modern code security pipeline look like? (Hint: not like a pipeline).

What should a good DevSecOps pipeline look like from a code security perspective? We hear this question often, and even though there are multiple answers, we’ve put together a blueprint that everybody could easily start with.

Salt Wins Prestigious SC Magazine Award - "Best API Security Solution"

It never gets old! We’re excited to share that Salt has won yet another award – our 15th award this year! This time, we have been named the “Best API Security Solution” in the renowned 2023 SC Awards. The SC Awards are cybersecurity’s most prestigious and competitive honor. The premier recognition program honors outstanding innovations, organizations and leaders that are advancing the practice of information security.

Accelerating API Security with Intel & Noname Security

Rick Echevarria, General Manager for Intel Security Center of Excellence, and David Thomason, Worldwide Director of Alliances at Noname Security, sit down to discuss the expanding API attack surface and how the two companies are working together to provide next-generation API Security, and share their thoughts about the joint roadmap going forward. If you'd like to learn more about the partnership between Intel and Noname Security, please visit one of the following links.

How to Secure Your Financial Services APIs

Todd Hathaway, Solutions Architect, Global FinServ Practice for World Wide Technology (WWT), and Karl Mattson, CISO for Noname Security, sit down to discuss the rapidly expanding API attack surface and what financial services organizations need to do in order to protect themselves from malicious threats. By the time the video is done, you will have a firm understanding of the ramifications if APIs are left insecure, as well as a set of industry-proven best practices that will help you immediately improve your API Security Posture.