API Security Need to Know: Questions Every Executive Should Ask About Their APIs

Using NIST CSF to Rein in your API Footprint: As your digital transformation accelerates, its API volume and usage have accelerated in tandem. It is also very likely that your API security ...

API Security Need-to-Know: Ramifications of Weak API Authentication

In today’s blog, we will discuss the ramifications of unauthenticated APIs using the recently published ZIPNet vulnerability. ZIPNet is an online application operated by Law Enforcement Authorities in India to share Crime ...

I’ve Got 99 Problems and API Visibility Ain’t One of ‘Em

Getting a handle on API Proliferation for the benefit of the broader organization: API proliferation is an issue we hear about from our enterprise customers more and more. For security teams, this ...

Kasa Camera Vulnerability Discovery: Responsible Disclosures Feel Like Groundhog Day, Again

When APIs Say Too Much: As a Midwesterner and hobby farmer, I spend a lot of time solving problems. A few months ago I encountered a problem where a live 2-month-old cucumber ...

OWASP AppSec Training Day: API Attacks Beyond the OWASP API Top 10

There is still time to register for the upcoming OWASP Training Day: API Attacks Beyond the OWASP API Top 10, led by hacker-in-residence Jason Kent. This class is ideally suited for those who ...

Advance Your API Security with Amazon API Gateway & API Sentinel

API gateways are increasingly used to help accelerate new ventures or transform existing businesses. However, the People and Process components are not as mature, and as a result, some organizations have had ...

Announcing Cequence API Sentinel

We are excited to announce the general availability of Cequence API Sentinel, a new API security service designed to give you continuous run-time visibility, shadow API discovery, risk analysis, and conformance assessment ...

APIs: The Next-Frontier in Cyber-Crime

This year is turning out to be the year that kicks every company’s digital transformation into high gear in order to support work-from-home and shelter-in-place restrictions. With such a quick shift to ...

Tales from the Front Lines: Attackers Target APIs with GET-Based ATOs 

This blog will describe how account takeovers (ATO) can be executed against APIs using GET methods, as opposed to POST. It’s an excellent example of how bad actors will analyze an application ...

Tales from the Frontlines: Increasingly Sophisticated Cat and Mouse Games  

The last Tales from the Frontlines post focused on a single customer and the attack volume increase they experienced following the COVID-19 lockdown. In this installment, we will look at the increasingly ...