API3:2019 Excessive Data Exposure: Understanding the Risks, Impacts, and How to Prevent It

Excessive data exposure occurs when APIs reveal more fields, data, and information than the client requires through the API response.

Multi-Tenant SaaS Authentication Bypass or Works-as-Designed?

Four months ago, researchers at Cequence discovered an authentication vulnerability in the Lithium community forum platform (now part of Khoros) that warranted a responsible disclosure submission. The vulnerability impacts Khoros customers using ...

Some Recent API Security Related Gaffes, And How They Might Have Been Avoided

This is the second of three guest blogs as part of our collaboration with Cequence. In the first blog on August 30, I wrote about how we’ve seen the level of API ...

Hey API! What you Token?

Technology is always evolving with some of it widely adopted, while others never get implemented. In some cases, the technology adopted for the sake of the latest and greatest is implemented incorrectly, ...

API Security Need to Know: Lessons Learned From the Peloton Security Incident

By now most have heard about the Peloton data breach incident and no doubt the security team at Peloton is working long, hard hours to pull themselves out of this horrible situation ...

Tales from the Front Lines: How Third-Party APIs Simplify Enumeration Attacks

As a mechanism to offload PCI risks, many retailers are now using third-party credit card processing for their online transactions. The retailer’s benefit is they are no longer handling the credit card ...

API Security Need-to-Know: Ramifications of Weak API Authentication

In today’s blog, we will discuss the ramifications of unauthenticated APIs using the recently published ZIPNet vulnerability. ZIPNet is an online application operated by Law Enforcement Authorities in India to share Crime ...