API

When 200 OK Is Not OK - Unveiling the Risks of Web Responses In API Calls

Feb 5, 2024 By Jeff Darrington In Graylog

In the ever-evolving landscape of cybersecurity, where the battle between defenders and hackers continues to escalate, it is crucial to scrutinize every aspect of web interactions. While the HTTP status code 200 OK is generally associated with successful API calls, there’s a dark side to its seemingly harmless appearance that often goes unnoticed.

Read Post

Graylog

Read more about When 200 OK Is Not OK - Unveiling the Risks of Web Responses In API Calls

Wallarm's Crusade Against Rising Credential Stuffing Threats

Feb 2, 2024 By Wallarm In Wallarm

Credential Stuffing, a vital yet often overlooked aspect of cybersecurity, needs to be addressed with urgency. An alarmingly large segment of the population engages in the risky habit of using the same password for various accounts. This behavior parallels the risk of using a universal key for various locks in your life, such as those for your home, car, or even hotel rooms during vacations.

Read Post

Wallarm

Read more about Wallarm's Crusade Against Rising Credential Stuffing Threats

A New Strategy for Reducing API Risk

Feb 2, 2024 By Salt Security In Salt Security

As organizations increasingly embrace APIs, a new challenge has emerged - the complexity of managing, securing, and understanding the sprawling API landscape within an organization. To tackle these concerns head-on, Salt Security has pioneered the industry's first API posture governance engine and a suite of advanced capabilities designed to bring clarity, security, and efficiency to your API ecosystem.

View Video

Salt Security

API
Security

Read more about A New Strategy for Reducing API Risk

Blocking Compromised Tokens with Wallarm

Feb 2, 2024 By Wallarm In Wallarm

In our Annual API ThreatStats report, we highlighted the increasing threat of API Leaks. An API Leak is the disclosure of sensitive API information, such as a token, credential, or private schema. These leaks can occur directly via the API itself, but also via third party tools used to manage source code, such as Github or Postman. API Leaks came in at number 4 in our dynamic top 10 list of API Security issues.

Read Post

Wallarm

Read more about Blocking Compromised Tokens with Wallarm

Graylog Announces Free API Security Tool

Feb 1, 2024 By Graylog In Graylog

Expanding Enterprise Access to API Discovery and Threat Monitoring.

Read Post

Graylog

Read more about Graylog Announces Free API Security Tool

Announcing Graylog API Security v3.6

Feb 1, 2024 By The Graylog Product Team In Graylog

Graylog API Security v3.6 is here! Just taking the version number by itself, v3.6 sounds like an incremental step forward. But the truth is that v3.6 isn’t just a release milestone; it’s a huge inflection point in our mission to improve API security. There are multiple “firsts” in v3.6, which makes the total combination even more exciting.

Read Post

Graylog

Read more about Announcing Graylog API Security v3.6

Noname Security Platform Updates: 3.26 Release

Feb 1, 2024 By Stas Neyman In Noname Security

The Noname Security 3.26 release supports integration with Fastly content delivery network, connection rules for Noname cloud connectors, a new capability to optimize APIs for more effective testing, and more.

Read Post

Noname Security

Read more about Noname Security Platform Updates: 3.26 Release

Step-by-Step: Integrating SAST into Your Development Workflow

Jan 31, 2024 By Guillaume Montard In Bearer

When it comes to software development, prioritizing security is essential. Static Application Security Testing (SAST) plays a key role in this by thoroughly analyzing your source code to identify potential vulnerabilities. It's like having a constant code reviewer focused on security, ensuring that your application is protected from the earliest stages of development.

Read Post

Bearer

Read more about Step-by-Step: Integrating SAST into Your Development Workflow

Bulletproofing the retail cloud with API security

Jan 31, 2024 By Devin Partida In AT&T Cybersecurity

Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability.

Read Post

AT&T Cybersecurity

Read more about Bulletproofing the retail cloud with API security

Securing the Gateway - Mastering API Security in the Modern Web Landscape

Jan 31, 2024 By GitGuardian In GitGuardian

APIs are the backbone of modern web applications, yet we rarely assess security beyond the traditional WAFs and Gateways. In fact, in a recent scan of over 1.5k GraphQL endpoints revealed a staggering 46,000+ security issues and sensitive data leaks—all accessible without authentication, with 10% classified as critical. Due to API’s being widely used by developers, they have now become a favored attack vector for threat actors.

View Video