API Risk Management: A Strategic Approach to API Risk Reduction
The cost of not knowing what good is
Could you imagine our interstate highway system without roadway bridges? I don’t think anyone would argue that bridges are not an essential part of an effective ground transportation network. So it doesn’t surprise me that when I ask people what makes a highway ...
The Salt Technical Ecosystem Partner (STEP) Program — Step 1: API Testing
We have breaking news! Today we’re launching our Salt Technical Ecosystem Partner (STEP) Program, to accelerate how we can tap the deep API insights of the Salt platform to enrich the API ecosystem. These integrations, which pull the adaptive intelligence Salt builds for each API environment into adjacent technologies, will ...
What Can be Learned from the JumpCloud Security Incident
In an ideal world, security incidents result in minimal damage, and we can learn from them to improve our future defenses. Fortunately, such appears to be the case with JumpCloud. According to JumpCloud’s blog post, its recent security incident impacted fewer than 5 JumpCloud customers and fewer than 10 devices ...
Mapping the MITRE ATT&CK Framework to API Security
With hundreds of contributors, the MITRE ATT&CK Framework has become a vital resource of open source knowledge for the security industry. CISOs and cybersecurity professionals around the globe rely on the framework to increase their understanding about different cyber-attack tactics, techniques and procedures (TTPs). With insights about TTPs relevant to ...
The Critical API Security Gaps in WAAPs
Confused about the difference between a web application firewall (WAF) and a web application and API protection platform (WAAP)? Curious how intelligent a next-gen “intelligent WAF” really is? Wondering whether you need dedicated API security if you have a WAAP? Can you really trust a WAAP to secure your critical ...
T-Mobile API Breach — What Went Wrong?
Last week, T-Mobile disclosed that the personally identifiable information (PII) of 37 million of its past and present customers had been breached in an API attack. They also shared that the attack had been going on since November but was only caught January 5 by T-Mobile’s security team. Coverage of ...
External, Internal, Third-Party … ALL Your APIs Need Security
A lot of attention in API security today is focused around implementing a sound security strategy across an API’s lifecycle, from design to deployment. But not all APIs in use by organizations are written internally. These so-called third-party APIs may be used as part of a functional digital supply chain ...
Are You Haunted by Zombie, Shadow and Ghost APIs?
Beware The Ghoulish Offspring of API Sprawl
Halloween is not the only time Zombies, Shadows, and Ghosts come to life. Unbeknownst to many, these abominations live year round inside many organizations, haunting the most experienced application security professionals and threat hunters. You won’t find them lurking in closets, or basements, or ...
How to Protect APIs
The way we need to protect APIs has changed. APIs have become the critical enablers for today’s digital economy. APIs have not only transformed how we build modern day applications and services, but have also transformed how we live. APIs enable you to pay for your morning coffee using a ...

