Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Wallarm

Taming API Sprawl: Best Practices for API Discovery and Management

APIs are the backbone of interconnected applications, enabling organizations to innovate, integrate, and scale rapidly. However, as enterprises continue to expand their digital ecosystems, they often encounter a common and complex challenge: API sprawl. Unchecked, API sprawl can lead to increased security risks, inefficient resource utilization, and the frustrating experience of redundant or hard-to-locate services across teams. Postman details the explosive growth in APIs in their State of API report.

Dell's API Security Failure: How 49 Million Records Were Exposed #dell #DataBreach #dataleaks

In this video, we examine two significant API security failures, each with devastating consequences. The first breach used a simple trial-and-error method, exploiting broken access control to impact 10 million users. In the Dell example, API abuse exploited a lack of validation and rate limiting, allowing an attacker, posing as a partner, to scrape 49 million records over several weeks. These cases highlight the importance of robust API security practices, especially for business processes and access control. Watch to learn key takeaways on protecting APIs from similar attacks.

Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast attack surface that’s challenging to defend with traditional methods alone.

Context is King: Using API Sessions for Security Context

There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and increase in publicized API vulnerabilities has pushed API security to the top of CISO’s lists. The tools in the market for API security still have room for improvement, of course. One of the challenges security practitioners face with APIs is understanding the context in which an attack took place.

The Hidden Costs of API Breaches: Quantifying the Long-Term Business Impact

API attacks can be costly. Really costly. Obvious financial impacts like legal fines, stolen finances, and incident response budgets can run into the hundreds of millions. However, other hidden costs often compound the issue, especially if you’re not expecting them. This article will explore the obvious and hidden costs of API breaches, their long-term business impacts, and how you can communicate the importance of API security to business stakeholders and decision-makers.

How Weak Access Controls Led to the Optus API Breach #accesscontrol #databreach #dataleaks

Broken access controls are one of the leading causes of API breaches. Learn how weak access control can leave your data exposed, as we explore real-world examples and share insights on protecting sensitive information. Strengthen your API access controls to safeguard against unauthorized access and potential breaches!

AI-Powered APIs: Expanding Capabilities and Attack Surfaces

AI and APIs have a symbiotic relationship. APIs power AI by providing the necessary data and functionality, while AI enhances API security through advanced threat detection and automated responses. In 2023, 83% of Internet traffic traveled through APIs, but there was a 21% increase in API-related vulnerabilities in Q3 2024, severely impacting AI. The relationship between AI and APIs expands capabilities while simultaneously increasing potential vulnerabilities.

Key Indicators of a Strong API Security Program - Do You Have Them? #securitymeasures #securitykey

What does a successful API security program look like? Discover the essential indicators that every organization should monitor, from inventory control to continuous monitoring and anomaly detection. Learn how these key metrics can safeguard your APIs and ensure your defenses are ready for emerging threats!

Gaining Security Context with API Session Data

API attacks don't always occur in a single request, and more sophisticated attacks require additional context. Whether it's account takeover or scraping, understanding the behavior of an attacker across a session is key to accurate detection and effective investigation. Today, organizations often lack the ability to delve into the details of specific API sessions. Data is spread across multiple tools, or simply unavailable. The Wallarm platform allows users to seamlessly navigate between attack detections and the surrounding session data to fully understand the behavior and interactions involved.

Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale

In a concerning trend, cybercriminals are leveraging DocuSign's APIs to send fake invoices that appear strikingly authentic. Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard.