Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

detectify

The API vulnerabilities nobody talks about: excessive data exposure

Oct 28, 2025 By Joviane Jardim In Detectify
TLDR: Excessive Data Exposure (leaking internal data via API responses) is the silent, pervasive threat that is more dangerous than single dramatic flaws like SQL Injection. It amplifies every other API vulnerability (like BOLA) and happens everywhere because developers prioritize speed over explicit data filtering. Fixing it means systematically checking hundreds of endpoints for unneeded PII and sensitive internal data.
Read Post
wallarm

API Attack Awareness: Business Logic Abuse - Exploiting the Rules of the Game

Oct 27, 2025 By Wallarm In Wallarm
As Cybersecurity Awareness Month continues, we wanted to dive even deeper into the attack methods affecting APIs. We’ve already reviewed Broken Object Level Authentication (BOLA), injection attacks, and authentication flaws; this week, we’re exploring business logic abuse (BLA). Unlike technical flaws, business logic flaws exploit how an API is designed to behave.
Read Post
detectify

New API testing category now available

Oct 23, 2025 By Detectify In Detectify
Our API scanner can test for dozens of vulnerability types like prompt injections and misconfigurations. We’re excited to share today that we’re releasing vulnerability tests for OAuth API authorization for organizations that use JWT tokens. These JWT, or JSON Web Tokens, are meant to prove that you have access to whatever it is you are accessing. One of the most critical JWT vulnerabilities is algorithm confusion.
Read Post

After the AWS Outage: How to Build Systems That Survive

Oct 23, 2025 By Wallarm In Wallarm
When AWS goes down, the ripple effects are global, from authentication failures to service disruptions that bring businesses to a standstill. But while every outage makes headlines, the real question is: Why are so many organizations still unprepared? In this live fireside chat, Wallarm’s Field CTO, and STO of Security Edge, Tim Ebbers, unpacks the architectural lessons behind the latest AWS outage — and what engineering, DevOps, and security leaders can do today to prevent history from repeating itself.
View Video

How I 'Hacked' an Online Store #businesslogic #ecommerce #cybersecurity #apisecurity

Oct 23, 2025 By Wallarm In Wallarm
A $10,000 Order for $1? Your Business Logic is Broken Attackers aren't just breaking code; they're exploiting the rules of your business to commit fraud. When your application's logic is flawed: Your payment and fulfillment systems can be desynchronized. You can lose massive revenue to easily preventable abuse. Your inventory and financial reporting become unreliable. Watch how a simple business logic flaw can lead to catastrophic financial loss in this real-world example. Is your e-commerce platform safe?
View Video
Trustwave

API Security: Challenges for a Secure Digital Frontier

Oct 21, 2025 By Dora Miranda In Trustwave
Organizations continue their digital transformation, with APIs now serving as the main communication links between applications, platforms, services, and partners. The widespread use of APIs introduces new security risks despite their common presence. The growing number of APIs significantly increases the cyber risks that security teams must address as they keep up with technological advances.
Read Post
wallarm

Key API Security Takeaways from the Postman 2025 State of API Report

Oct 21, 2025 By Wallarm In Wallarm
API security has never been more important because modern APIs are operational necessities. Unfortunately, many organizations are failing to adapt their security models to a rapidly changing API threat landscape. Like it or not, we live in an AI-first world, and API security must reflect that reality. The Postman 2025 State of API Report is confirmation of that fact.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.