We’re partnering with Postman to streamline how you securely build, test, and work with APIs.

As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we encourage you to download the full report, here are some key observations about what you’ll find within. API threats to AI applications are clearly on the rise.

Digital transformation has resulted into an API-first economy where every organization is integrating deeper with customers, partners & suppliers. APIs are the gateways powering this integration. As per a Kong report in 2023, APIs will have a projected global economic impact of $14.2 trillion by 2027 – that’s more than the GDP of the UK, Japan, France, and Australia combined. As APIs drive growth, every organization will need to implement robust security systems in place for their APIs.

OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.

Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, lightweight API Firewall designed to protect REST and GraphQL API endpoints across cloud-native environments using API schema validation. By relying on a positive security model, our API Firewall only allows calls that match a predefined API specification while rejecting everything else.

In large-scale SD-WAN deployments, both enterprises and Managed Security Service Providers (MSSPs) place a high priority on ensuring that SD-WAN CPEs seamlessly integrate with the nearest Netskope NewEdge Network Point of Presence (PoP). Automating this integration process is crucial as it not only saves considerable time but also boosts business agility.

If you are building an API, you are most likely evaluating the pros and cons of available technologies. Sooner or later, you will surely come across NodeJS. NodeJS helps to create stable, scalable, and backward-compatible APIs. Besides the functionalities, you can’t overlook the security risk that comes with them. Misconfigured, insecure APIs leave your companies with high-profile cyber-attacks. Like any APIs, those developed with NodeJS come with security threats.

The Payment Card Industry Data Security Council created PCI DSS as the global standard for protecting payment data. The PCI DSS is the compliance stick to which entities that transmit, store, handle, or accept credit card data of any size must adhere. Recently, PCI DSS came up with version 4.0. In this blog, we delve deeper into the new version and explain why securing APIs is critical for PCI DSS compliance and how organizations can do so.

The Gartner research paper “What You Need to Do to Protect Your APIs” outlines key requirements for bolstering API security measures. In this blog post, we’ll delve deeper into these requirements as introduced by Gartner, explain their significance, and demonstrate how AppSentinels offers comprehensive solutions for each requirement. As per Gartner, the second step is to assess the security of these APIs.

On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto is here. Palo Alto has marked this vulnerability as critical and NVD has scored it a 10.0 with CVSSv3. Wallarm currently detects attacks against this vulnerability with no additional configuration required.

Simply put, APIs (short for application programming interface) are how machines, cloud workloads, automation and other non-human entities communicate with one another. They also represent an access point to highly sensitive company data and services. Almost every organization uses these machine interfaces, and their usage is only growing because they are essential to digital transformation and automation initiatives.

APIs (Application Programming Interfaces) have become the backbone of many modern applications, and indeed the foundation of some businesses services. APIs enable seamless communication between applications, services and systems, allowing organisations to innovate, collaborate and deliver value to their customers. However, as reliance on APIs grows, so does the need for robust security measures to protect these critical digital assets from potential threats.

APIs (Application Programming Interfaces) have proliferated widely, which increases their susceptibility to various vulnerabilities. In the realm of web applications, prime examples that stand out are SOAP (Simple Object Access Protocol) and Representational State Transfer (REST) APIs. Due to their inherent complexity and the dynamic nature of software ecosystems, common vulnerabilities include inadequate authentication mechanisms and injection attacks such as SQL injection or cross-site scripting (XSS).

APIs are foundational to modular application development. They support an organization’s internal services as well as provide a mechanism for customers to access certain services or datasets for their own applications. Because of the role that both internal and public-facing APIs play in applications, they are considered one of the top targets for threat actors.

Going to a vendor's Knowledge Base (KB) is often the first place practitioners go to get the product deployed or troubleshoot issues. Even with advanced search tools, historically, KBs have been challenging to find relevant content quickly, and navigating a KB can be frustrating. At Salt Security, not only do we want to make your job of securing APIs easier, but we also want to make getting the guidance you need easier, friendlier and more efficient.