The 2023 OWASP API Security Top 10 list compiles and explains the most recent and pressing security threats facing today’s complex API ecosystem. As part of the committee that defined this industry-framing list, Salt gives you an insider view into the categories and how those embarking on their API security journey can most effectively address the critical vulnerabilities raised.

Every company’s APIs are unique and so are its security gaps. Bad actors will poke and prod to learn your APIs and find mistakes in business logic they can exploit. Catching these attacks requires context and deep behavioral analysis over time. With its recent AWS WAF Ready designation, Salt Security makes it easier and faster for businesses to protect the APIs running in their AWS environments. Salt provides the visibility, intelligence, and context over time to identify and block attacks using tools you already rely on such as Amazon API Gateway, AWS WAF, and other inline enforcement points.

Every company follows a unique path in adopting such critical and far-reaching security initiatives as API security. Nate Steinberg, Principal Information Security Specialist, shares how Amway approached building out its API security strategy. This on-demand fireside chat with Salt Security and Amway discusses.

Stephanie Best, Director of Product Marketing, and Yaniv Balmas, VP of Research at Salt Labs, discuss what you need to know about the new 2023 OWASP API Security Top 10 release candidate. As a member of the OWASP committee that helped shaped the latest report, Yaniv takes you behind the scenes to learn what changed, what stayed the same, and why these decisions were made.

APIs have emerged as the leading attack vector and attack surface most targeted by cybercriminals. That's why it's important to understand the tactics and techniques used by attackers while they're targeting APIs. In this video, we help you achieve this level of understanding by mapping the MITRE ATT&CK framework to API security attacks.

Several big-name API breaches have been in the news over the past few years, but API attacks happen every single day and typically don't make the headlines. Securing your APIs is no longer a luxury, but it’s also not just a burden. This short video shares how protecting your APIs opens the door to real business value.

This short video explains how Salt Labs researchers identified several critical security flaws on the popular travel site Booking.com. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user such as booking or canceling reservations and ordering transportation services.

This 30-minute interactive discussion was designed specifically for Cloudflare users to learn more about API security challenges and how your existing Cloudflare environment can give you a jumpstart to solve them. Learn how API attacks are different and why industry experts are calling 2023 the year of API security.

In this 30-minute office hours discussion, Mike Rothman, Chief Strategy Officer of Techstrong Group, and Nick Rago, Field CTO of Salt Security, share insights on how companies are defining their API security strategy and answer attendee questions to help you build your plans.

In this short video, Chief Security Officer Joe Martinez shares insights on how Aon approaches API Security and the various technical and business issues in protecting the company’s business-critical assets.