Wrestling with the Problem of API Sprawl
The API ecosystem is global and rapidly expanding. In its 2021 State of the API Report, Postman reported that its user base spanned 234 countries and collectively made 855 million API requests. Over half of Postman survey respondents also indicated that they deploy new APIs to production once per day, ...
API Security Best Practices
APIs are the fuel for today’s applications. However, the broad landscape of API design patterns and API consumer types complicates API security requirements for organizations. The protection of APIs, and of the critical data and services they expose, extends across multiple security vectors, and many are not yet ...
Announcing the Salt API Security Maturity Model
Security practitioners often express concerns across related security problem areas. They may phrase their questions in the unique language of their industry, but supporting processes and technology remain similar at their core. Threats including account takeovers or digital supply chain attacks are very often the result of API problems. Today, ...
Recap: The 7 Biggest API Security Incidents in 2021
The world witnessed no shortage of API-related security incidents in 2021. Gartner has made a prediction on this front for a number of years, which we’ve seen play out precisely. Much focus has been on the Gartner strategic planning assumption (SPA) that by 2022, API abuses will become the most-frequent ...
Seven API Security Predictions for 2022
If 2022 is anything like 2021, we’ll see no shortage of API-related events this coming year. In 2021, we saw many issues originating from leaky APIs, misconfigurations, weak or broken access controls, latent vulnerabilities, and poor coding practice. The end result was a laundry list of data exposures, data loss, ...
API Security Evaluation Guide
Understanding what “good” looks like in API Security so you can mitigate API attacks
Modern applications are built on APIs, and application security practices now heavily depend on API security practices. As with any new technology, organizations don't always know how to evaluate what “good” looks like and measure what features ...
API1:2019 Broken Object Level Authorization
Description
APIs often expose endpoints that handle object identifiers, creating a wide potential attack surface. Object level authorization is an access control mechanism usually implemented at the code level to validate a user’s ability to access a given object. Authorization and access control mechanisms in modern applications are complex and widespread ...
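The check the description refers to is easiest to see as a before-and-after. The block below is an added example, not code from the OWASP API Security Top 10 or from Salt Security: it uses a constructed in-memory invoice store with two owners sharing one sequential id space, a vulnerable handler that only checks authentication, and a hardened handler that also checks the caller's relationship to the object. The `enumerate_ids` helper plays the attacker, walking neighbouring ids to show what each handler leaks.

```python
"""Broken Object Level Authorization (BOLA): vulnerable vs. hardened object lookup.

Added example for illustration; the User/Invoice types, the INVOICES store and
the handler names are all constructed, not taken from any real API.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List


@dataclass(frozen=True)
class User:
    user_id: int
    role: str = "user"


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount_cents: int


# Constructed sample data: two customers' invoices in one sequential id space,
# the classic setup in which a caller changes /invoices/1001 to /invoices/1002.
INVOICES = {
    1001: Invoice(invoice_id=1001, owner_id=1, amount_cents=12_000),
    1002: Invoice(invoice_id=1002, owner_id=2, amount_cents=48_500),
}


class NotFound(Exception):
    """Raised for ids that do not exist or that the caller may not see."""


def get_invoice_vulnerable(caller: User, invoice_id: int) -> Invoice:
    """Authenticated but not authorized: the caller's identity is never compared
    with the object's owner, so any logged-in user can read any invoice."""
    if invoice_id not in INVOICES:
        raise NotFound(invoice_id)
    return INVOICES[invoice_id]


def get_invoice(caller: User, invoice_id: int) -> Invoice:
    """Hardened: fetch the object, then decide on the caller's relationship to it.

    Foreign objects get the same NotFound as missing ones, so the response does
    not confirm which ids exist. An admin role is the one explicit exception.
    """
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    if inv.owner_id != caller.user_id and caller.role != "admin":
        raise NotFound(invoice_id)
    return inv


def enumerate_ids(handler: Callable[[User, int], Invoice],
                  caller: User, ids: Iterable[int]) -> List[int]:
    """Attacker's loop: try each id as `caller` and record the ones that return data."""
    leaked = []
    for invoice_id in ids:
        try:
            handler(caller, invoice_id)
            leaked.append(invoice_id)
        except NotFound:
            pass
    return leaked


if __name__ == "__main__":
    customer_one = User(user_id=1)
    probe = range(1000, 1005)
    print("vulnerable handler leaks:", enumerate_ids(get_invoice_vulnerable, customer_one, probe))
    print("hardened handler leaks:  ", enumerate_ids(get_invoice, customer_one, probe))
```

The point of the two handlers is that authentication (knowing who the caller is) and authorization (deciding whether that caller may touch this object) are separate checks, and BOLA is the absence of the second one at the object level. Running the script as customer 1 shows the vulnerable handler returning both invoices and the hardened handler returning only invoice 1001. The same ownership check has to appear in every handler that takes an identifier, including update and delete paths, which is why the description calls the mechanism widespread.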
API Security Checklist
This API Security Checklist will help you close the gaps in your API security strategy. Each item in the API Security Checklist is arguably just as critical as the next, but don’t get overwhelmed. This API Security Checklist is provided to help you navigate through the top items in area ...
Understanding the Security Impacts of the iPhone Call Recording App Vulnerability
News about a vulnerable call recording app for iPhone made the rounds in early March when TechCrunch ran an article about the event. “Call Recorder,” or “Acr call recorder” as it is listed in the Apple App Store, used an insecurely designed web API to fetch call recordings from AWS ...
The Experian API Security Incident – What Happened and How Can You Protect Yourself
While using an unnamed lender site, an independent security researcher by the name of Bill Demirkapi discovered a flaw in an API that was designed to assess an individual’s creditworthiness as part of promotional inquiries. The lender site called an Experian API to validate the user-provided PII including ...