Wrestling with the Problem of API Sprawl

The API ecosystem is global and rapidly expanding. In its 2021 State of the API Report, Postman reported that its user base spanned 234 countries and collectively made 855 million API requests. Over half of Postman survey respondents also indicated that they deploy new APIs to production once per day, ... Read More

API Security Best Practices

APIs provide the fuel for today’s modern applications. However, the broad landscape of API design patterns and API consumer types complicates API security requirements for organizations. The protection of APIs – and the critical data and services they enable – extends across multiple security vectors, and many are not yet ... Read More

Announcing the Salt API Security Maturity Model

Security practitioners often express concerns across related security problem areas. They may phrase their questions in the unique language of their industry, but supporting processes and technology remain similar at their core. Threats including account takeovers or digital supply chain attacks are very often the result of API problems. Today, ... Read More

Recap: The 7 Biggest API Security Incidents in 2021

The world witnessed no shortage of API-related security incidents in 2021. Gartner has made a prediction on this front for a number of years, which we’ve seen play out precisely. Much focus has been on the Gartner strategic planning assumption (SPA) that by 2022, API abuses will become the most-frequent ... Read More

Seven API Security Predictions for 2022

If 2022 is anything like 2021, we’ll see no shortage of API-related events this coming year. In 2021, we saw many issues originating from leaky APIs, misconfigurations, weak or broken access controls, latent vulnerabilities, and poor coding practice. The end result was a laundry list of data exposures, data loss, ... Read More

API Security Evaluation Guide

Understanding what “good” looks like in API Security so you can mitigate API attacks. Modern applications are built on APIs, and application security practices now heavily depend on API security practices. As with any new technology, organizations don't always know how to evaluate what “good” looks like and measure what features ... Read More
API1:2019 Broken Object Level Authorization

Description: APIs often expose endpoints that handle object identifiers, creating a wide potential attack surface. Object level authorization is an access control mechanism usually implemented at the code level to validate a user’s ability to access a given object. Authorization and access control mechanisms in modern applications are complex and widespread ... Read More

API Security Checklist

This API Security Checklist will help you close the gaps in your API security strategy. Each item in the API Security Checklist is arguably just as critical as the next, but don’t get overwhelmed. This API Security Checklist is provided to help you navigate through the top items in area ... Read More
Understanding the Security Impacts of the iPhone Call Recording App Vulnerability

News about a vulnerable call recording app for iPhone made the rounds in early March when TechCrunch ran an article about the event. “Call Recorder,” or “Acr call recorder” as it is listed in the Apple App Store, used an insecurely designed web API to fetch call recordings from AWS ... Read More
The Experian API Security Incident - What Happened and How can you Protect Yourself

While using an unnamed lender site, an independent security researcher by the name of Bill Demirkapi discovered a flaw in an API that was designed to assess an individual’s credit worthiness as part of promotional inquiries. The lender site called an Experian API to validate the user provided PII including ... Read More