
API

The growth of APIs attracts Cybercrime: How to prepare against cyber attacks

Application Programming Interfaces (APIs) have profoundly transformed the internet's fabric. In the pre-API era, digital interactions were limited by siloed systems functioning in isolation. APIs dismantled these barriers by introducing a universal language that diverse applications could comprehend. This linguistic bridge facilitated an unprecedented level of interconnectivity between software entities.

Oh-Auth - Abusing OAuth to take over millions of accounts

OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce a standard authorization protocol, it has become one of the most popular protocols for both user authorization and authentication, and it’s being used by almost every major web service and website today. One of the reasons for its huge popularity is its ease of implementation.

OAuth security gaps at Grammarly (now remediated)

This short video explains how Salt Labs researchers identified several critical security flaws on the popular site Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved, with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.

2023 API Security Trends for Manufacturing

Manufacturing is an industry in flux. The sector has been acutely affected by inflation, supply chain challenges and labor shortages in recent years, while also grappling with rapid developments in technology. It is no stretch to state that a manufacturer’s ability to leverage technology is a key determinant in its success and failure – now and into the future.

Elevating Enterprise API Security with Wallarm for MuleSoft Anypoint Platform

In an age characterized by digital transformation, APIs serve as the backbone of modern applications, enabling diverse systems to communicate and share data seamlessly. This widespread API adoption, however, exposes organizations to a considerable attack surface, inviting the attention of cyber adversaries searching for vulnerabilities to exploit.

Noname Leads the Way for API Security in the Federal ZT Journey

Over 18 months ago, a small group of us started a program to support the US federal government and the broader public sector with robust API security. Recognizing the major shifts in government cyber security, we focused on Zero Trust early. We wrote about it, talked about it, and evangelized on the importance of including API security in a ZT architecture. An early achievement was a detailed mapping of API security to the pillars of ZT over a year ago.

2023 OWASP Top-10 Series: Wrap Up

Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude this series, it's time to summarize and offer some practical guidance for security practitioners looking to bolster API security in their organizations.

Featured Post

The Top 5 Tips for Identifying and Deterring Suspicious API Traffic

With the increasing reliance on APIs, detecting suspicious API traffic has become crucial to ensure the security and integrity of these interactions. Suspicious API traffic poses a huge threat to the overall system and its data. The traffic can indicate malicious intent such as unauthorised access attempts, data breaches, or even potential attacks targeting vulnerabilities in the API infrastructure.

2023 API Security Trends for Healthcare

Application programming interfaces, better known as APIs, link unrelated platforms so data can flow freely between them. And in order for providers to share patient health data across different systems, APIs must be produced at rapid speed and maintained with diligence to foster interoperability. However, this innovation comes with a catch. The more APIs an organization uses, the greater the opportunity for risk it faces in both performance and security.