API

2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows

Sep 2, 2023 By Wallarm In Wallarm

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows

Q2-2023 API ThreatStats Report

Sep 1, 2023 By Wallarm

In this comprehensive Q2-2023 report, we reflect on an intensified API threat landscape, underlining prevalent threat vectors, susceptible APIs, and new dimensions in the API security arena. With the inclusion of bug bounty analysis and our inaugural API Security Awards, this report provides granular insights into the current state of API security.

Get Report

Wallarm

Read more about Q2-2023 API ThreatStats Report

A CISO's Guide to Cloud Application Security

Sep 1, 2023 By Wallarm

The following guidelines will help senior stakeholders set strategy to secure modern applications, learning: Applications are the operational mechanism for how a modern enterprise conducts transactions and uses data. Whether internal or customer-facing, apps are critical for your successful business operations. That means securing apps should be a business priority.

Get Guide

Wallarm

Read more about A CISO's Guide to Cloud Application Security

What You Need to know about API security

Aug 31, 2023 By Jeff Darrington In Graylog

When people talk about complex, interconnected ecosystems, they’re really talking about how applications share data and communicate with each other. Like the air-lock on a spaceship lets people pass between physical environments, Application Programming Interfaces (APIs) enable data to pass between digital environments. However, since APIs act as access points between applications, they create potential security risks.

Read Post

Graylog

Read more about What You Need to know about API security

National Cybersecurity Strategy Implementation Plan published; Carrots and Sticks

Aug 29, 2023 By Dean Phillips In Noname Security

This is the third installment in the National Cybersecurity Strategy series. To read the other two blogs, click here for part 1 and here for part 2. As I was drafting the third installment on the National Cybersecurity Strategy, the National Cybersecurity Strategy Implementation Plan was published. This follow-on document provides greater specificity on detailed actions to be taken. As such, moving forward, the two should be viewed together and assessed as a pair.

Read Post

Noname Security

Read more about National Cybersecurity Strategy Implementation Plan published; Carrots and Sticks

2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization

Aug 26, 2023 By Wallarm In Wallarm

Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization

API Abuse - Lessons from the Duolingo Data Scraping Attack

Aug 25, 2023 By Wallarm In Wallarm

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those vulnerabilities, this incident provides a good reminder that not all vulnerabilities are flaws in code. In fact, this API was working as designed.

Read Post

Wallarm

Read more about API Abuse - Lessons from the Duolingo Data Scraping Attack

API Security Fundamentals

Aug 24, 2023 By Indusface In Indusface

API attacks have risen 400% in the last six months, as per Security Boulevard. This has caused 59% of organizations to delay the release of new applications due to concerns about API security. As industries look to integrate with third-party software more often to improve their business operations, the security of OpenAPIs has become critical.

View Video

Indusface

API
Security

Read more about API Security Fundamentals

Understanding API Attacks: Why they are different and how to stop them

Aug 24, 2023 By Salt Security In Salt Security

API attacks aren’t like traditional application attacks. Understanding those differences is crucial to protecting the valuable data and services your APIs enable. Nick Rago, Salt Security Field CTO, discusses in this webinar: We hope you enjoy the webinar on the changing nature of API attacks and learn the best practices to keep your organization safe.

View Video