Secret management can be a complex challenge, especially when you are trying to do it in a way that is right for security. Key rotation is a big piece of that puzzle. In this article, we will take you from zero to hero on key rotation.

As I look at the range of API Management approaches that are recommended by various analysts, pundits, and vendors, I find it interesting that most don’t really know how to address “security” in the context of API management. In high-level API lifecycle management diagrams securing APIs is rarely called out visually, although it may be addressed briefly in an accompanying paragraph.

I recently hosted and moderated a distinguished panel of Chief Information Security Officers (CISOs) - Nitin Raina, CISO at ThoughtWorks, Mike Wilkes, former CISO at Marvel and Yogesh Badwe, CSO at Druva. We discussed major trends for 2024 across an array of topics including the evolving threat landscape, recent regulations, data privacy considerations, securing product and critical infrastructure.

Bearer CLI, our free and open code security (SAST) scanner, has now been downloaded over 50,000 times since its launch back in March — this year! Behind this number are represented some key industry trends: Let’s dig in!

Navigating the delicate balance between an expanding number of engineers and the imperative for robust Application Security (AppSec) practices is no small feat. In this interview, we delve into the invaluable perspective of Jeevan Singh, the Director of Security Engineering at Rippling, the #1 workforce management platform. He shares insights and strategies that have allowed him in his career to successfully navigate the intricate maze of security amidst a high engineer-to-AppSec ratio.

An application’s attack surface is the sum of all the areas of an application which could be attacked by malicious attackers. This includes the application’s APIs, the underlying code, supporting infrastructure, and any other components which could be compromised. The goal for any organization is to reduce the attack surface area by discovering and minimizing potential vulnerabilities.

Artificial Intelligence (AI) is a hot topic these days, especially across the security industry. There's hardly a day when we don't read about its potential to create an impact on our lives, for better or worse. As a security company, we truly believe in the potential of AI, but we didn't want to jump into the deep end without careful consideration as we followed the buzz with a healthy amount of skepticism.

The process of protecting web API from attacks and ensuring only authorized access takes place is called API security. In the past six months attacks targeting APIs have increased by 400%. This has resulted in API security becoming a C-level discussion in many companies.

In the fast-paced digital world, think of Application Programming Interfaces (APIs) as the threads that stitch together the fabric of our tech ecosystems. They're often overlooked, quietly ensuring that your apps communicate seamlessly and keep the digital world running smoothly. The majority of organizations grapple with a common challenge — limited visibility into their public API attack surfaces.