Noname Security

San Jose, CA, USA
2020
  |  By Stas Neyman
The Noname Security 3.27 release includes capabilities to assess and visualize the risk of your API landscape, a user-friendly visual interface for creating and automating workflows, improved support for external API definition files, and more.
  |  By Noname Security
Noname Security announces that CRN, a brand of The Channel Company, has named Noname Security to its Security 100 list. The list recognises leading IT security vendors committed to working hand-in-hand with channel partners to protect businesses from cybersecurity threats.
  |  By Noname Security
API security company appoints President and Chief Product Officer.
  |  By Stas Neyman
The Noname Security 3.26 release supports integration with Fastly content delivery network, connection rules for Noname cloud connectors, a new capability to optimize APIs for more effective testing, and more.
  |  By Karl Mattson, Field CISO
The last 12 months have been seismic for cybersecurity, with successful hacks and breaches continuing to make front-page news. The task of keeping networks and data safe is an ever-evolving one, with hackers and cybersecurity professionals in a constant state of cat-and-mouse as they try to outsmart one another. Events of the past year, including the widespread adoption of, and interest in, AI, as well as new geopolitical challenges, have had a profound impact. They provide some clues as to what 2024 might hold.
  |  By Stas Neyman
The Noname Security 3.25 release supports customizable API risk scoring and dashboard views, in-product notifications for traffic source version updates, enhanced traffic source integrations, and more.
  |  By Stas Neyman
The Noname Security 3.24 release supports a connection status view for resources discovered through API Gateway and Load Balancer integrations, adds a preview of a new Traffic Audit capability, and enables configuration of the Noname Telemetry service within the Noname platform UI.
  |  By Noname Security
Appointment of Chief Financial Officer, Chief of Staff, and Vice President of R&D sets the stage for momentous growth and increased innovation in 2024.
  |  By Karl Mattson, Field CISO
The retail sector has experienced transformational change with the introduction and widespread adoption of digital technology. The sector has seen an extreme level of transformation, from physical storefronts, through the early days of internet retailing, all the way up to the modern retail and eCommerce ecosystem. This transformation has required the adoption of new technology at each stage, with APIs the current foundational building block, enabling the necessary connections between retailers, consumers and the supply chain. However, given the resulting amount of personally identifiable information (PII) on offer, retail is an extremely attractive target for cybercriminals to exploit vulnerabilities for financial gain.
  |  By News
We are excited to provide the latest news and features about the Noname Security platform. These features help you protect your APIs from a broader range of attacks, improve your security posture, and simplify your API security operations. In this blog post, we’ll dive into the latest updates that will redefine how you interact with our product across the four pillars — Runtime Security, Discovery, Posture Management, and Active Testing.
  |  By Noname Security
API Security requires Machine Learning because it is a superhuman problem to solve. With the strong partnership between Noname Security and IBM, you can protect all of your APIs and leverage the game-changing capabilities of AI/ML solutions like Watsonx to drive a faster and more secure API security practice. Learn how you can start accelerating your API security today.
  |  By Noname Security
A business continuity plan, or BCP, is a collection of procedures organizations use for maintaining their operations during times of crisis. It is a cross-functional guide that includes communication and collaboration plans, as well as back-up procedures. A well-developed BCP can help organizations avoid disruptions when dealing with unexpected outages.
  |  By Noname Security
Defense in Depth (DiD) is a cybersecurity strategy that involves deploying multiple types of defensive layers. The underlying theory holds that digital assets will be better protected if a malicious actor has to penetrate more than one barrier to succeed in an attack.
  |  By Noname Security
PSIRT stands for Product Security Incident Response Team. It’s a team within an organization that handles and responds to security incidents related to its products or services. The main purpose of a PSIRT is to identify, assess, prioritize, and respond to vulnerabilities or threats that may impact the security of the organization’s offerings.
  |  By Noname Security
Identity and Access Management (IAM) provides a critical, foundational element of cybersecurity, which is the tracking of who users are and what each user is entitled to do in a digital environment. People tend to think of IAM as a solution, but it’s actually a framework that serves as the basis for solutions, along with a range of work processes.
  |  By Noname Security
Simple Object Access Protocol, better known as SOAP, is a standards-based messaging protocol specification. Introduced in 1998, SOAP and a handful of other web standards became the foundation for a generation of enterprise technologies. SOAP APIs are especially handy when it’s necessary for a server and client to exchange data in a structured format, as SOAP messages are built in extensible markup language (XML).
  |  By Noname Security
Rate limiting is a mechanism used to control the amount of data or requests that can be transmitted between two systems within a specified time period. It helps prevent abuse, protect system resources, and ensure fair usage for all users. By implementing rate limiting, organizations can mitigate the risk of server overload, improve network performance, and enhance overall security.
  |  By Noname Security
Modern application programming interfaces (APIs) offer a great example of the law of unintended consequences. With their openness and ability to offer nearly universal connectivity between applications and data sources, they have transformed IT and the businesses that deploy them. However, that same openness also makes APIs ripe targets for abuse.
  |  By Noname Security
Attack surface management refers to the process of identifying, assessing, and managing the potential vulnerabilities in an organization’s technology infrastructure. It involves analyzing and understanding all possible entry points that attackers could exploit, such as network devices, applications, APIs, and user access points.
  |  By Noname Security
Data security refers to the measures and practices implemented to protect sensitive information from unauthorized access, use, disclosure, disruption, modification or destruction. It involves various techniques and technologies such as encryption, access controls, firewalls, antivirus software, secure backups, and employee training.
  |  By Noname Security
Enterprises manage thousands of APIs, many of which are not routed through a proxy such as an API Gateway or WAF, which means they are not monitored, rarely audited, and are most vulnerable to mistakes, misfortune, and mischief. This has left enterprise security teams to play catch-up when it comes to API security. In fact, Gartner predicts that 'by 2025, less than 50% of enterprise APIs will be managed as explosive growth in APIs surpasses the capabilities of API management tools.' Below are some of the key reasons that explain the proliferation of APIs and why many of them are left unsecured.
  |  By Noname Security
The OWASP Top 10 is a standard awareness document and is the closest approximation of a set of rules for how to build secure applications that the development and web application security community has. We created this ebook to provide an overview of the OWASP top 10 API security vulnerabilities, and the methodologies used to mitigate them.
  |  By Noname Security
With the number of APIs skyrocketing, companies are facing increasing challenges when it comes to security. Oftentimes, either there aren't enough security personnel who know how to test APIs, the number of APIs is growing faster than the security team can keep up with, or the existing security tools lack adequate coverage. Any one of these three scenarios can spell disaster for your environment. However, there is one overlooked aspect that could also weaken your API security posture if not addressed, and that's testing APIs early in the development process.
  |  By Noname Security
Today, businesses rely on APIs more than ever before. Gartner estimates that API calls represent 83% of all web traffic. Given the increased reliance on APIs, their importance to digital businesses, and the rising level of sophistication of hackers looking to compromise those APIs, organizations need a proven strategy for API security.
  |  By Noname Security
Application Programming Interfaces (APIs) are among the foundations of modern digital business, powering the logistics of delivering digital products to partners and customers. However, security experts have warned about numerous security risks of APIs for years. But until quite recently, many organizations still believed that their API-related risks could be sufficiently addressed by existing security tools like web application firewalls (WAFs).

Proactively secure your environment from API security vulnerabilities, misconfigurations, and design flaws. Protect APIs from attacks in real-time with automated detection and response.

The Complete, Proactive API Security Platform:

  • Discover all of your APIs: Find and inventory every type of API, including HTTP, RESTful, GraphQL, SOAP, XML-RPC, JSON-RPC, and gRPC. Discover legacy and rogue APIs not managed by an API gateway, and catalog data type classifications for all APIs.
  • Detect API threats and prevent attacks: API security risks and issues are not all discovered in source code alone. Monitor real-time traffic using AI and ML-based detection to uncover data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks.
  • Test API security before production: Most applications have security testing before going into production. Most APIs do not. Increase API security assurance with greater speed, efficacy, and scale with integrated API-specific testing for CI/CD pipelines.

The Complete API Security Platform.