Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

API

What is Rate Limiting? - Definition, Methods, and Why It Is Important

Rate limiting is a mechanism used to control the amount of data or requests that can be transmitted between two systems within a specified time period. It helps prevent abuse, protect system resources, and ensure fair usage for all users. By implementing rate limiting, organizations can mitigate the risk of server overload, improve network performance, and enhance overall security.

What is API Abuse? | Noname Academy

Modern application programming interfaces (APIs) offer a great example of the law of unintended consequences. With their openness and ability to offer nearly universal connectivity between applications and data sources, they have transformed IT and the businesses that deploy them. However, that same openness also makes APIs ripe targets for abuse.

What is an Attack Surface? - Defining, Identifying, and Mitigating Cyber Risks

Attack surface management refers to the process of identifying, assessing, and managing the potential vulnerabilities in an organization’s technology infrastructure. It involves analyzing and understanding all possible entry points that attackers could exploit, such as network devices, applications, APIs, and user access points.

What is Data Security? - Definition and Implementation

Data security refers to the measures and practices implemented to protect sensitive information from unauthorized access, use, disclosure, disruption, modification or destruction. It involves various techniques and technologies such as encryption, access controls, firewalls, antivirus software, secure backups, and employee training.

What is API Authentication?

API authentication is a combination of technology and process that proves or verifies the identities of users who want access to an API. Specifically, API authentication involves the use of a software protocol to verify that users are who they claim to be when a client makes an API call. API authentication solutions are usually set up to block access to an API if they detect something wrong with the user’s identity during the API call. It’s online verification of ID, a gatekeeping countermeasure that defends APIs from access by malicious actors. Remember, too, that in many cases, the API user is a machine, not a person.

Security with a High Engineer-to-AppSec Ratio: Insights from Jeevan Singh

Navigating the delicate balance between an expanding number of engineers and the imperative for robust Application Security (AppSec) practices is no small feat. In this interview, we delve into the invaluable perspective of Jeevan Singh, the Director of Security Engineering at Rippling, the #1 workforce management platform. He shares insights and strategies that have allowed him in his career to successfully navigate the intricate maze of security amidst a high engineer-to-AppSec ratio.

Leveraging OpenAPI as a Core Element of API and Application Security

An application’s attack surface is the sum of all the areas of an application which could be attacked by malicious attackers. This includes the application’s APIs, the underlying code, supporting infrastructure, and any other components which could be compromised. The goal for any organization is to reduce the attack surface area by discovering and minimizing potential vulnerabilities.
Featured Post

How Unsecured APIs Can Eat Up Retail Revenue

The retail sector has experienced transformational change with the introduction and widespread adoption of digital technology. The sector has seen an extreme level of transformation; from physical storefronts, through the early days of internet retailing, all the way up to the modern retail and eCommerce ecosystem. This transformation has required the adoption of new technology at each stage, with APIs the current foundational building block, enabling the necessary connections between retailers, consumers and the supply chain. However, given the resulting amount of personal identifiable information (PII) on offer, retail is an extremely attractive target for cybercriminals to exploit vulnerabilities for financial gain.

Introducing Bearer Assistant

Artificial Intelligence (AI) is a hot topic these days, especially across the security industry. There's hardly a day when we don't read about its potential to create an impact on our lives, for better or worse. As a security company, we truly believe in the potential of AI, but we didn't want to jump into the deep end without careful consideration as we followed the buzz with a healthy amount of skepticism.