API Security: How to Add the Sec in DevSecOps | APIsec
In DevSecOps, everyone is responsible for software quality. Having a methodology for security mitigates risks and serves both business stakeholders and software developers by adding an extra layer of protection to the development process. APIs make computer-to-computer communication possible, which means that they present an avenue cyber attackers ... Read More
Why Automated Penetration Testing Is a Must | APIsec
With data breaches and cyber-attacks occurring more frequently, the need for regular, intelligent, and thorough penetration testing is at an all-time high. Industry experts agree that 2020 saw a noticeable shift in cyber-attack methodologies and tactics, with APIs now accounting for 40% of the attack surface for all web-enabled apps ... Read More
How to Secure an API: Best Practices | APIsec
Technology has been changing rapidly and providing organizations with an unprecedented level of speed and benefits. As organizations embark on their digital transformation journeys, APIs are being leveraged in several different ways, becoming increasingly to the overall customer experience. However, many enterprises have become accustomed to the security provided for ... Read More
APIsec Introduces First, 100% Automated, Certified Pen-Test Report for APIs | APIsec
Automated reports used to satisfy compliance requirements for APIsec SOC 2 certification
SAN FRANCISCO, Oct. 5, 2020 /PRNewswire/ — APIsec, Inc. introduced today an update to its API security platform allowing enterprise security and compliance groups to obtain certified, compliant API penetration testing reports on-demand. APIsec now provides detailed pen-test ... Read More
The Beginner’s Guide to REST API: Everything You Need to Know | APIsec
The growth of the API Market in the US continues to climb year over year, with an expected increase of 34% - totaling a projected $7.5B market size in 2026. From massive global corporations to local businesses, the widespread use of APIs has permanently changed the face of all major ... Read More
How to Add Token Generation Code | APIsec
Step 1: Provide a curl for generating token
Sample command: curl -s -d '{"username":"admin", "password":"secret"}' -H "Content-Type: application/json" -H "Accept: application/json" -X POST https://ip/user/login
Step 2: Provide Token extraction logic using grep/jq
If the Step 1 response looks like this {"time": "1594073751605", "info": {"token": "val"}} and your token path is ... Read More
APIsec – the Only Platform for Automated API Security Testing | APIsec
APIs are the heart of the modern Web, Mobile, & Data integration architecture. As per OWASP, top API vulnerabilities come from business-logic, role-configuration, and access-control flaws, making web security, pen-testing, and WAF approaches obsolete against the top API exploits. APIsec is the cloud-native continuous API security platform, instantly detect and ... Read More
Scan APIs locally with APIsec CLI | APIsec
Scan local APIs to find vulnerabilities with APIsec CLI
1. Installation
To download and run apisec-cli, run the following:
git clone https://github.com/intesar/apisec-cli
cd apisec-cli
java -jar apisec-cli.jar
2. Signup with APIsec
New users need to sign up with APIsec. It creates a new tenant for you in the APIsec ... Read More
First American Financial 885M Account Records | APIsec
Note: This series aims to analyze and simplify breach and vulnerability reports that are usually cryptic and mostly written by legal. The simplified version hopes to educate and help security and engineering leadership avoid the same mistakes.
Company: First American Financial
Report Date: May 24, 2019
Vulnerable Data: 885M customer ... Read More
How hackers acquired patient’s personal data from Healthline | APIsec
Note: This series simplifies and analyzes breach/exploit details, which are usually cryptic and legal-led, to help other enterprises avoid the same mistake.
Company: HealthEngine
App: Feedback System
Data Leaked: 59,000+ patients’ personally identifiable information.
The complexity of hack: Low
Vulnerability Type: Day-0
Common Vulnerability: Yes and can exist ... Read More

