Regardless of the techniques used, going big, expensive, and glossy – while potentially useful - doesn’t replace the need for a well-reasoned approach to securing assets founded on traditional activities and principles. Innumerable assets are housed behind APIs, and the widespread use of APIs means they are high-profile targets. Securing them is of the utmost importance.

In 2013, hackers breached an HVAC provider’s network, giving them access to 40 million credit and debit card numbers from their biggest client: Target. It took years to repair the damage. Relying on third-party vendors is necessary but still presents a cybersecurity risk. How will the companies handle your clients’ data? How vulnerable are they to being hacked?

The latest Salt Labs State of API Security report is out, and we’re excited to share with you some of the key findings. The security industry news has frequently covered high-profile application programming interface (API) breaches over the past few years, so it’s no surprise that our research found that attackers have upped their activity. Salt Labs analyzed the past year of Salt customer data and found a 400% increase in unique attackers just over the last six months alone.

It’s no exaggeration to say that APIs are the backbone of the modern digital economy. API usage has seen staggering exponential growth over the last two decades with sources like Postman's 2022 State of the API Report illustrating just how embedded APIs are into our modern world. In 2022, the Postman API platform saw 20 million users and over 1 billion API requests created.

We’ve already had the first major API-related cybersecurity incidents for 2023. The T-Mobile API breach exposed the personally identifiable information (PII) of 37 million customers. The API attack had been going on since November but was not discovered and disclosed until January 19, illustrating the threat of the “low and slow” approach of API attacks, which are increasing at a steady pace.

The GitGuardian API lets you remediate your secret incidents from any platform you prefer. We are proud to release a new demo application to help you learn how to automate your workflows.

When a consumer opens a bank account, the bank goes through a procedure called bank account verification. It enables all required checks to be made on the account user and the source of their income, successfully stopping illegal activities like money laundering and the financing of terrorism. In this post, we’ll examine how to validate a bank account and its owner, as well as the legal considerations that must be made while validating a client’s bank account.

API keys are unique identifiers that enable developers to access and interact with an application's data and services. They act as a bridge between applications, allowing them to share data and functionality. In today's digital world, API keys are increasingly important as they facilitate seamless communication between various applications and services.

I’m excited to share the latest evidence of Salt leadership in API security, with two powerful tributes. First – Salt Security has been honored as winning the “Peace of Mind” category during the first-ever Ally Technology Partner Awards! Ally Financial, the nation’s largest digital-only bank and leading auto finance company, highlighted five suppliers for their outstanding service excellence across a broad array of criteria.

On March 7, 2023, Loom experienced a security incident caused by a settings change in their CDN. Even with extensive internal testing, the nature of the problem caused it to go unnoticed until the change landed in production. Their incident report is a great explanation of the issue itself, so I won't reiterate much of it here, but what I will look at is a related issue, and how static code analysis tools integrated into development pipelines could have prevented the issue.

Keeping our customers’ data safe so that they can move forward with business innovation is our constant north star here at Salt. But it’s even more gratifying when our mission is in service to a higher purpose, as it is with today’s announcement of our deployment at Guild Education. With its Career Opportunity Platform, Guild Education helps employees forge a better career path through education.

According to the Open Web Application Security Project (OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern application programming interfaces (APIs). It can be exciting to pursue innovations in the API area, but while doing so, programmers must ensure that they are adequately attentive to security concerns and that they develop protocols that can address such concerns.

Last week, three golds. This week, two more. Wow – the accolades keep coming. Salt took top honors in two Globee® Cybersecurity World Award categories: Hot Security Company of the Year for Security Software, and API Management and Security! You can read all the formal details in our announcement. We’ve earned five awards in the past two weeks, and the month isn’t even half over.

The OWASP API project has recently decided to refresh the popular API Security Top 10 threat map. The team at Salt Security has always been actively involved in this project, having been a key contributor to the initial creation of the list. And we continue to be deeply involved in the thinking process, data gathering, and brainstorming in updating it. As of the writing of this post, the final version of API Security Top 10 2023 has not been officially released.

It’s our own version of the triple crown! Salt Security has won gold in not one, not two, but three categories in the 2023 Cybersecurity Excellence Awards! It’s like being at the Oscars and winning Best Picture, Best Actor, and Best Director! Check out our award announcement! This year, Salt won highest honors for: Being recognized as the top solution for API security means a lot to our team.

For the last two years, we’ve been quietly building a new kind of static application security testing (SAST) solution that allows security and engineering teams to assess, prioritize, and remediate security risks and vulnerabilities in their code by what matters most - sensitive data. Today, we are officially announcing its release as an Open Source project, Bearer.

Overall, while API email security services can provide a valuable layer of protection against email-based threats, they are not foolproof and can have limitations and weaknesses. It is important to consider these weaknesses when selecting and configuring an API email security service.

API attacks have dominated the cybersecurity news cycle lately. In early 2023, T-Mobile made news for an API-based breach of 37 million PII records of its past and present customers. And last year, Optus, a major telecommunications company in Australia, experienced an API security incident that exposed around 10 million customer records. And API attacks that aren't quite as ”newsworthy” happen every single day.

Is your security tool an island? Does it do its singular task with little more to offer than what it says on the package? Too many security offerings behave as singular entities, forcing you to constantly perform task switching to complete a job. If you are using a robust tool, then you may not be taking full advantage of its capabilities. Many capabilities of a good tool can be broadened with the use of an Application Programming Interface (API)

Salt has long benefited from the unique support that comes from being part of the Y Combinator accelerator program (Salt was in the Winter 2016 batch), and all these years later, we’re thrilled to have been named to not one but two of YC’s Top Company lists – the Top Private YC companies 2023 and the YC Breakthrough Companies 2023. For the Top Private list, it’s deja vu all over again, since we made that list last year as well.

OAuth (Open Authorization) is a modern, open authorization standard designed to allow cross-application access delegation – for example, allowing your application to read data from your Facebook profile. Combined with the proper extensions, OAuth can also be used for authentication – for example, to log into your application using Google credentials. Since its first introduction in 2006, OAuth has gained tremendous popularity.