API

A Proof-of-Concept for API Caching at Egnyte

Feb 8, 2022 By Jacob Runyan In Egnyte

As Egnyte’s business and customer base grows, we have an engineering responsibility to provide data quickly and at high availability. In this blog I’ll recap one of those efforts—a proof-of-concept API caching project that serves our large folder listing capabilities and has future applications in other Egnyte services.

Read Post

Egnyte

Read more about A Proof-of-Concept for API Caching at Egnyte

Snyk's shift left approach to API development

Feb 1, 2022 By Terence Tirella In Snyk

Snyk’s developer security platform provides developers and security professionals with the tools they need to build and operate modern applications securely. Snyk enables users to shift security left and to embrace a DevSecOps model. Modern application development teams understand that shifting left means bringing information to developers’ fingertips as early as possible in the development process to create efficient and secure applications and development processes.

Read Post

Snyk

Read more about Snyk's shift left approach to API development

Managing API Specifications in the Veracode Platform

Jan 28, 2022 By Veracode In Veracode

In this video, you will learn how to upload, update, and delete API specifications using the API Specification Management tab in the Veracode Platform. This tab is a feature of Dynamic Analysis API Scanning.

View Video

Veracode

Read more about Managing API Specifications in the Veracode Platform

Outpost24 Webinar - API security 101 and how to secure your web applications

Jan 27, 2022 By Outpost 24 In Outpost 24

APIs are a key part of modern web applications and a growing security challenge that isn’t well understood by developers and application security managers, leading to exposed APIs that give hackers access to sensitive data. Find out how to secure your APIs and prevent vulnerabilities from making it into production.

View Video

Outpost 24

Read more about Outpost24 Webinar - API security 101 and how to secure your web applications

Tooling Overview for API Testing (SAST, DAST, IAST, Fuzzing)

Jan 7, 2022 By Roman Wagner In Code Intelligence

Application Programming Interface (APIs), allow services to communicate with each other. Naturally, applications that are interconnected through many APIs, require thorough security testing, as each connection could potentially include software vulnerabilities. Since there are different methods to test these junctions, I want to briefly discuss the benefits and weaknesses of the most commonly used API testing methods in this article.

Read Post

Code Intelligence

Read more about Tooling Overview for API Testing (SAST, DAST, IAST, Fuzzing)

AlgoSec API Swagger

Jan 4, 2022 By AlgoSec In AlgoSec

On premise and in the cloud, AlgoSec simplifies and automates network security policy management to make your enterprise more agile, more secure and more compliant – all the time. The AlgoSec platform provides a set of Swagger API documentation, available right from the platform itself. Swagger enables you to execute API request calls and access lists of requested parameters.

View Video

AlgoSec

Read more about AlgoSec API Swagger

Review API Scanning Results

Dec 22, 2021 By Veracode In Veracode

In this video, you will learn how to review Dynamic Analysis scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

View Video

Veracode

Read more about Review API Scanning Results

Review API Scanning Prescan Results

Dec 22, 2021 By Veracode In Veracode

In this video, you will learn how to review Dynamic Analysis prescan scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

View Video

Veracode

Read more about Review API Scanning Prescan Results

The Good, the Bad, and The Ugly: Understanding the API Security Top 10 List

Dec 17, 2021 By Jared Carlson In Veracode

The Open Web Application Security Project (OWASP) is a nonprofit organization with the purpose to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021, lists the most critical web application security risks. But OWASP also maintains the API Security Top 10 project which was last updated in 2019. Each category is ranked based on the frequency and severity of the defect.

Read Post

Veracode

Read more about The Good, the Bad, and The Ugly: Understanding the API Security Top 10 List

Continuous REST API Testing With CI Fuzz

Dec 10, 2021 By Simon Resch In Code Intelligence

CI Fuzz is a platform for automated security testing that aims to enable developers to ship secure software fast. The platform empowers development teams to automatically deploy continuous REST API security tests with each pull request. Since it enables the instrumentation of entire web service environments, CI Fuzz can create test inputs that are guided by code coverage. This enables it to uncover complex vulnerabilities and edge cases that other tools often overlook.

Read Post