September 2023

2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs

Sep 30, 2023 By Wallarm In Wallarm

Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs

Unlocking Seamless API Security: Revenera's Journey with Wallarm

Sep 28, 2023 By Wallarm In Wallarm

In today’s digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog post, we’ll dive into the experience of Rob Davies, VP of Engineering and Lead Architect at Revenera, as he navigates the path from identifying the need for enhanced API security to making a decision, implementing the solution, and reaping the benefits.

Read Post

Wallarm

Read more about Unlocking Seamless API Security: Revenera's Journey with Wallarm

OWASP API Top 10 2023: What changed and why it's important?

Sep 28, 2023 By AppSentinels In AppSentinels

Back in 2019, OWASP released its first API Top-10 list. It quickly gained widespread acceptance and acknowledgment from the industry about the challenges faced in protecting APIs. Since then, growth in APIs has continued, and the threat landscape also evolved rapidly. OWASP has released an updated API Top 10 2023 with quite a few changes from 2019 to address the changes and provide new insights and recommendations.

Read Post

AppSentinels

Read more about OWASP API Top 10 2023: What changed and why it's important?

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Sep 23, 2023 By Wallarm In Wallarm

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

Sep 22, 2023 By Michael Haag In Splunk

On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like mockbin.org and mocky.io.

Read Post

Splunk

Read more about Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

How to Secure a REST API

Sep 22, 2023 By Jeff Darrington In Graylog

Sitting at your desk, coding away with another cup of your favorite caffeine-infused beverage, you might be thinking to yourself, “it’s true what they say about no rest for the weary.” If you’re developing an app or architecting a cloud-native system, you can actually get the REST you need with the right Application Programming Interface (API). REST APIs provide a scalable, flexible, easy-to-use interface that makes developing and connecting web apps easier.

Read Post

Graylog

Read more about How to Secure a REST API

Awards Season Never Stops at Salt!

Sep 21, 2023 By Michelle McLean In Salt Security

We’re entering a new season of fall, but here at Salt, it seems like it’s always awards season! We continue to receive accolades for the Salt Security API Protection Platform – all year round! This time we have been honored with the “Best API Security” award in the 2023 API Awards.

Read Post

Salt Security

Read more about Awards Season Never Stops at Salt!

Introducing Bearer Cloud

Sep 21, 2023 By Bearer In Bearer

Get started today https://www.bearer.com

View Video

Bearer

Read more about Introducing Bearer Cloud

Bearer CLI: Overview

Sep 21, 2023 By Bearer In Bearer

Get to know the Bearer CLI, a code security scanning tool (SAST) that discovers, filters and prioritizes security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD).

View Video

Bearer

API
Security

Read more about Bearer CLI: Overview

Bridging the gap between data security and privacy

Sep 21, 2023 By Bearer In Bearer

Hosted by Bearer and originally recorded January 27, 2022.

View Video

Bearer

Read more about Bridging the gap between data security and privacy

Wallarm AI Engine: How It Works

Sep 21, 2023 By Wallarm

The main task of the run-time application security is to protect modern applications and APIs. In this endeavor the solutions face a number of challenges: Download this whitepaper to learn how Wallarm solves the difficult task of effective application security by relying on AI and machine learning including a unique combination of hierarchical clusterization, statistical n-gram based models, recurrent neural networks and reinforcement learning.

Get White Paper

Wallarm

Read more about Wallarm AI Engine: How It Works

Evolution of Real Time Attack Detection

Sep 21, 2023 By Wallarm

Attack detection is critical for most security solutions, whether we are talking about a load balancer-based (NIDS, WAF), host-based or in-application solutions (HIDS, RASP). Interestingly, regardless of the differences in architecture and data flow, most solutions use similar detection principles and techniques. We will explore how the detection architecture evolved over time and how the new generation of detection logic, such as the architecture implemented by Wallarm, is principally different from that of the legacy solutions.

Get White Paper

Wallarm

Read more about Evolution of Real Time Attack Detection

How Do API Key Codes and Fragments Work? Explained in Detail

Sep 19, 2023 By SecuritySenses In SecuritySenses

In the realm of web development and software integration, APIs (Application Programming Interfaces) play a crucial role in facilitating communication between different systems and applications. To ensure secure and controlled access to APIs, many providers require the use of API key codes and fragments. In this blog post, we will explore how do API key codes and fragments, exploring their purpose, functionality, and best practices for implementation.

Read Post

SecuritySenses

Read more about How Do API Key Codes and Fragments Work? Explained in Detail

Strengthening our CrowdStrike Bond with Falcon Integration

Sep 19, 2023 By Gilad Barzilay In Salt Security

It’s been just about a year since we first announced our partnership with CrowdStrike. We are delighted to share today that we’ve further strengthened that partnership with the new “better-together” story of Salt and the CrowdStrike Falcon® platform.

Read Post

Salt Security

Read more about Strengthening our CrowdStrike Bond with Falcon Integration

Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives

Sep 18, 2023 By Wallarm In Wallarm

Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to v2.0, and how it applies to API security. Raj and Tim really dug deep into a lot of issues, and answered a lot of questions from the audience.

Read Post

Wallarm

Read more about Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives

2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

Sep 16, 2023 By Wallarm In Wallarm

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

8.5% of Docker images expose API and Private Keys

Sep 14, 2023 By Mackenzie Jackson In GitGuardian

A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.

Read Post

GitGuardian

Read more about 8.5% of Docker images expose API and Private Keys

What is an API attack and how does it work

Sep 11, 2023 By Jeff Darrington In Graylog

If you want to visualize how data flows across your connected applications, you can think back to that childhood game of Chutes and Ladders (also called Snakes and Ladders). As a kid, the board felt like a confusing grid that had the weirdest, seemingly arbitrary connections between blocks. In your modern digital environment, your Application Programming Interfaces (APIs) fulfill the same role that the ladders and chutes/snakes fulfilled, connecting disparate blocks across a larger whole.

Read Post

Graylog

Read more about What is an API attack and how does it work

2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Sep 9, 2023 By Wallarm In Wallarm

Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Celebrating 100,000 scans

Sep 6, 2023 By Guillaume Montard In Bearer

A little over 5 months ago, we launched our free and open code security product Bearer CLI to help teams identify both security and privacy risks in the earliest stages of the software development process. Please join us in celebrations, as today we are very excited to have achieved a key milestone in our journey - 100,000 code security scans!

Read Post

Bearer

Read more about Celebrating 100,000 scans

Pythons and Birds: Duolingo and Telegram Hacked?

Sep 6, 2023 By Cato Networks In Cato Networks

In this week's episode, Bill and Robin explore the dangers of programmatic interfaces! The language-learning website, Duolingo, has fallen victim to an API exploit which has exposed 2.6 million user accounts, and there's threat actors on the dark web who are using Python to subversively change messages in Telegram threads. What's happening in the world, why should you care, and how can you stay protected?

View Video

Cato Networks

Read more about Pythons and Birds: Duolingo and Telegram Hacked?

2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows

Sep 2, 2023 By Wallarm In Wallarm

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows

Q2-2023 API ThreatStats Report

Sep 1, 2023 By Wallarm

In this comprehensive Q2-2023 report, we reflect on an intensified API threat landscape, underlining prevalent threat vectors, susceptible APIs, and new dimensions in the API security arena. With the inclusion of bug bounty analysis and our inaugural API Security Awards, this report provides granular insights into the current state of API security.

Get Report

Wallarm

Read more about Q2-2023 API ThreatStats Report

A CISO's Guide to Cloud Application Security

Sep 1, 2023 By Wallarm

The following guidelines will help senior stakeholders set strategy to secure modern applications, learning: Applications are the operational mechanism for how a modern enterprise conducts transactions and uses data. Whether internal or customer-facing, apps are critical for your successful business operations. That means securing apps should be a business priority.

Get Guide

Wallarm

Read more about A CISO's Guide to Cloud Application Security

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2023

2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs

Unlocking Seamless API Security: Revenera's Journey with Wallarm

OWASP API Top 10 2023: What changed and why it's important?

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

How to Secure a REST API

Awards Season Never Stops at Salt!

Introducing Bearer Cloud

Bearer CLI: Overview

Bridging the gap between data security and privacy

Wallarm AI Engine: How It Works

Evolution of Real Time Attack Detection

How Do API Key Codes and Fragments Work? Explained in Detail

Strengthening our CrowdStrike Bond with Falcon Integration

Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives

2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

8.5% of Docker images expose API and Private Keys

What is an API attack and how does it work

2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Celebrating 100,000 scans

Pythons and Birds: Duolingo and Telegram Hacked?

2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows

Q2-2023 API ThreatStats Report

A CISO's Guide to Cloud Application Security

Monthly Archive

Follow Us