API

Security and privacy trends to watch for in 2022

Jan 11, 2022 By Sorcha Lorimer In Bearer

What can data security and privacy leaders expect from the year ahead? How will key trends shape the industry? Our team looks at three key trends that will impact security and privacy in 2022, and what leaders can do to get ahead of the curve.

Read Post

Bearer

Read more about Security and privacy trends to watch for in 2022

Tooling Overview for API Testing (SAST, DAST, IAST, Fuzzing)

Jan 7, 2022 By Roman Wagner In Code Intelligence

Application Programming Interface (APIs), allow services to communicate with each other. Naturally, applications that are interconnected through many APIs, require thorough security testing, as each connection could potentially include software vulnerabilities. Since there are different methods to test these junctions, I want to briefly discuss the benefits and weaknesses of the most commonly used API testing methods in this article.

Read Post

Code Intelligence

Read more about Tooling Overview for API Testing (SAST, DAST, IAST, Fuzzing)

AlgoSec API Swagger

Jan 4, 2022 By AlgoSec In AlgoSec

On premise and in the cloud, AlgoSec simplifies and automates network security policy management to make your enterprise more agile, more secure and more compliant – all the time. The AlgoSec platform provides a set of Swagger API documentation, available right from the platform itself. Swagger enables you to execute API request calls and access lists of requested parameters.

View Video

AlgoSec

Read more about AlgoSec API Swagger

APIDays: Data Privacy in the age of cloud-native applications

Jan 3, 2022 By Guillaume Montard In Bearer

APIDays is a world series of conferences about—you guessed it—APIs. It made a lot of sense for us to attend it in past years, since we started Bearer as an API monitoring platform. As we pivoted to a data security product a year ago, we wondered if we still had something to contribute. That was until we learned that APIDays would host the Privacy Engineer Conference.

Read Post

Bearer

Read more about APIDays: Data Privacy in the age of cloud-native applications

Review API Scanning Prescan Results

Dec 22, 2021 By Veracode In Veracode

In this video, you will learn how to review Dynamic Analysis prescan scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

View Video

Veracode

Read more about Review API Scanning Prescan Results

Review API Scanning Results

Dec 22, 2021 By Veracode In Veracode

In this video, you will learn how to review Dynamic Analysis scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

View Video

Veracode

Read more about Review API Scanning Results

The top 3 data security problems plaguing tech companies

Dec 21, 2021 By Tanguy Joannot In Bearer

Tech companies building cloud-native applications face a set of unique and rising data protection challenges. At Bearer, we had the chance to speak with 100+ data security and privacy professionals including Chief Information Security Officers, Directors of Security Engineering, Application Security Engineers, Data Protection Officers, Privacy Engineers, and many more. Here are the top concerns that keep them up at night.

Read Post

Bearer

Read more about The top 3 data security problems plaguing tech companies

The Good, the Bad, and The Ugly: Understanding the API Security Top 10 List

Dec 17, 2021 By Jared Carlson In Veracode

The Open Web Application Security Project (OWASP) is a nonprofit organization with the purpose to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021, lists the most critical web application security risks. But OWASP also maintains the API Security Top 10 project which was last updated in 2019. Each category is ranked based on the frequency and severity of the defect.

Read Post

Veracode

Read more about The Good, the Bad, and The Ugly: Understanding the API Security Top 10 List

Continuous REST API Testing With CI Fuzz

Dec 10, 2021 By Simon Resch In Code Intelligence

CI Fuzz is a platform for automated security testing that aims to enable developers to ship secure software fast. The platform empowers development teams to automatically deploy continuous REST API security tests with each pull request. Since it enables the instrumentation of entire web service environments, CI Fuzz can create test inputs that are guided by code coverage. This enables it to uncover complex vulnerabilities and edge cases that other tools often overlook.

Read Post

Code Intelligence

Read more about Continuous REST API Testing With CI Fuzz

Pivoting to data security

Dec 9, 2021 By Tanguy Joannot In Bearer

End of summer 2020: Bearer takes the decision to pivot. We have been building an API monitoring & debugging solution for engineering and DevOps teams. We have a stable product and dozens of users onboard. Even so, after months of iterations product adoption is still low and our positioning with all-in-one monitoring solutions is disadvantageous. Product-Market-Fit (PMF) is definitely not in the line of sight.

Read Post