|
By Eric Schwake
OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.
|
By Eric Schwake
Going to a vendor's Knowledge Base (KB) is often the first place practitioners go to get the product deployed or troubleshoot issues. Even with advanced search tools, historically, KBs have been challenging to find relevant content quickly, and navigating a KB can be frustrating. At Salt Security, not only do we want to make your job of securing APIs easier, but we also want to make getting the guidance you need easier, friendlier and more efficient.
|
By Aviad Carmel
Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.
|
By Eric Schwake
Securing organizations against today’s most advanced threats continues to be challenging, with APIs (Application Programming Interfaces)playing an increasingly central and vulnerable role, especially as digital transformation marches on. The NIST Cybersecurity Framework 2.0 (CSF) release underscores the urgency of addressing evolving threats and now emphasizes the importance of governance in Cybersecurity.
|
By Eric Schwake
AppSec leaders and security practitioners, rejoice! Automating your security practices using Salt Platform APIs is now easier than ever, empowering developers to integrate APIs quickly and efficiently while helping reduce risk. The newly launched Salt Developer Portal is your one-stop hub for all API security automation needs.
|
By Nick Rago
Could you imagine our interstate highway system without roadway bridges? I don’t think anyone would argue that bridges are not an essential part of an effective ground transportation network. So it doesn’t surprise me that when I ask people what makes a highway bridge “good,” I get quick responses with pretty consistent answers: guardrails, proper lighting, clear signage, smooth driving surface, lane markings, load capacity, structural integrity, and so on.
|
By Michael Callahan
Today, we’re thrilled to share that Salt has launched extended capabilities to our powerful platform, adding yet another industry-first technical advancement to our trophy case! (full announcement here.) Since its founding, Salt’s been on a mission to create a platform that can detect, prioritize and solve the most complex API security challenges and risks.
|
By Michael Nicosia
Is Salt Security a fortune teller? We’re not sure if we’d go as far as to say that, but we certainly have had our fair share of precognitive moments. In today’s virtual age where everyone is utilizing and relying on digital landscapes, people’s data is constantly being put online. As technology advances and more people go online, bad actors and cyber threats use vulnerabilities in Application Programming Interfaces (APIs) to get access to sensitive data.
|
By Aviad Carmel
OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce a standard authorization protocol, it has become one of the most popular protocols for both user authorization and authentication, and it’s being used by almost every major web service and website today. One of the reasons for its huge popularity is its ease of implementation.
|
By Michelle McLean
We’re entering a new season of fall, but here at Salt, it seems like it’s always awards season! We continue to receive accolades for the Salt Security API Protection Platform – all year round! This time we have been honored with the “Best API Security” award in the 2023 API Awards.
|
By Salt Security
Join Nick Rago (VP of Product Strategy at Salt Security) and Claudio Acquaviva (Software Architect of Kong Inc.) in this informative webinar (live April 11). They discuss what being API-first really means, the essentials to success, and walkthrough the lifecycle of an API from design to deployment and how combining Salt Security with Kong through that API lifecycle can help provide a risk-free API-first journey.
|
By Salt Security
As organizations increasingly embrace APIs, a new challenge has emerged - the complexity of managing, securing, and understanding the sprawling API landscape within an organization. To tackle these concerns head-on, Salt Security has pioneered the industry's first API posture governance engine and a suite of advanced capabilities designed to bring clarity, security, and efficiency to your API ecosystem.
|
By Salt Security
We’re all in this together, which is why awareness about APIs and connecting with one another is crucial to cyber security. Salt Security has recently announced our Salt Technical Ecosystem Partner Program which can help demonstrate the role of application security testing when it comes to API security and where it fits in a good API security program.
|
By Salt Security
This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.
|
By Salt Security
This short video highlights the "State of API Security for the Healthcare Sector" report and emphasizes the growing importance of APIs for success and the challenges in protecting them.
|
By Salt Security
API attacks aren’t like traditional application attacks. Understanding those differences is crucial to protecting the valuable data and services your APIs enable. Nick Rago, Salt Security Field CTO, discusses in this webinar: We hope you enjoy the webinar on the changing nature of API attacks and learn the best practices to keep your organization safe.
|
By Salt Security
As financial services and insurance organizations have increasingly turned to APIs to accelerate business innovation, attackers have also changed their tactics, making APIs their prime target. This short video discusses findings from the first industry-specific version of the State of API Security report and draws on a combination of survey responses and empirical data from the Salt Cloud. Key trends revealed by the survey include.
|
By Salt Security
To understand how the digital-first economy and global trends have impacted the role of the CISO, Salt partnered with the research firm Global Surveys to study 300 worldwide Chief Information Security Officers. This video highlights trends revealed by the survey including: These were just a few of the highlights from our recent state of the CISO survey. We encourage you to download the full report for even more great insights.
|
By Salt Security
As APIs have become the backbone of modern applications, threat actors are increasingly targeting them. Whether it be to exfiltrate data, take control of critical systems, or disrupt key business services or digital supply chains, threat actors have taken notice—and they see APIs as a prosperous attack vector. In this video, you’ll gain valuable insights into API security and learn proactive measures to safeguard your APIs. By understanding the challenges posed by API attacks, you’ll understand the best strategies to protect your organization.
|
By Salt Security
Salt Security protects the APIs that form the core of every modern application. Its patented API Protection Platform is the only API security solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and shift-left practices.
|
By Salt Security
API attacks are on the rise, and WAFs and gateways cannot stop them. A few highlights from our latest Salt Labs report on API security: Download the report now to benchmark yourself and use the findings to improve API security for your company.
|
By Salt Security
API Security for Dummies walks you through how application architecture has evolved, why apps are built on APIs now, the security risk APIs present, and best practices for securing APIs. This eBook: Download this eBook to learn the most critical elements of API security and ten prioritized steps you can follow now to start securing APIs for your organization.
|
By Salt Security
Securing your APIs is no longer a luxury, but it shouldn't be viewed as just a necessary burden either. Protecting your APIs opens the door to real business value including: Download this eBook to explore the business results customers are uncovering as they embark on their API security journey and how to quantify the value of API security in your organization.
|
By Salt Security
API attacks include many of the tactics, techniques, and procedures (TTPs) identified in the MITRE ATT&CK framework. This white paper analyzes and maps three common API attack scenarios to the TTPs found in the MITRE Enterprise Matrix. By understanding how the MITRE ATT&CK TTPs relate to API security threats, security leaders can: Download now to learn how to defend against API attacks by leveraging this well-known security framework.
|
By Salt Security
API security has emerged as a key priority for protecting vital data and services. It's also an area where many companies lack expertise. Salt Security has compiled this list of API security best practices, drawn from field experience and customer feedback, to help guide you on your API security journey. These API security best practices fall into multiple focus areas, including: Download this guide to obtain a comprehensive list of best practices and guidance to secure your APIs throughout their lifecycle.
|
By Salt Security
With API attacks on the rise, and existing security technology proving to be ineffective at stopping API attacks, organizations need to take a new approach. API security offerings must provide a range of functionality to be useful to organizations, including: Download this white paper to improve awareness of what it takes to adequately secure APIs, how to evaluate a given API security offering, and what API security capabilities are necessary to protect your business.
- April 2024 (3)
- March 2024 (3)
- February 2024 (1)
- January 2024 (3)
- November 2023 (1)
- October 2023 (3)
- September 2023 (2)
- August 2023 (3)
- July 2023 (7)
- June 2023 (7)
- May 2023 (6)
- April 2023 (9)
- March 2023 (14)
- February 2023 (6)
- January 2023 (6)
- November 2022 (1)
- June 2022 (1)
- May 2022 (1)
- April 2022 (1)
The leading API security company, providing the context needed to discover APIs, stop attacks, and remediate vulnerabilities to accelerate business innovation.
By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and shift-left practices. Deployed quickly and seamlessly integrated within existing systems, the Salt Security platform gives customers immediate value and protection, so they can innovate with confidence and accelerate their digital transformation initiatives.
Complete API security for complete protection:
- Discover all your APIs: Continuously inventory all your APIs, including shadow and zombie APIs.
- Prevent sensitive data exposure: Identify the APIs that are exposing PII or other sensitive data.
- Stop API attacks: Correlate activity to block attackers during reconnaissance.
- Prevent ATO, Data Exfiltration: Thwart credential stuffing, account takeover, and data theft attacks.
- “Shift left” with proactive API security Test APIs in pre-production to identify and eliminate vulnerabilities.
- Accelerate incident response: Reduce the time needed to understand and resolve incidents.
- Provide remediation insights: Share learnings from runtime analysis with dev teams to harden APIs.
- Simplify compliance: Tie your API and sensitive data discovery and vulnerability remediation into GRC workflows.
The rich API context you need for robust discovery, attack prevention, and shift left.