Tales from the Front Lines: How Third-Party APIs Simplify Enumeration Attacks

As a mechanism to offload PCI risks, many retailers are now using third-party credit card processing for their online transactions. The retailer’s benefit is they are no longer handling the credit card ...
Refactoring a Live SaaS Environment

We decided to refactor and re-implement almost all of our back-end and UI. This is how we went through the design and implementation. You can experience the new design by trying ShiftLeft ...

API Discovery and Profiling — Visibility to Protection

APIs have become a dominant mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, while exposing back-end data and logic to create new and innovative offerings. Protecting ...

Tales from the Front Lines: Whitelist and Forget, A Cautionary Tale

Stopping attackers and their malicious intent is every security practitioner’s goal. But there are times when we need to grant unfettered access to network resources for day-to-day operations. Better known as whitelisting, ...

APIs: Securing the Stitching Connecting Applications

 Application programming interfaces (APIs) are an essential enabler of innovation in today’s digitally driven world. Applications (or application components) can leverage APIs to connect to other apps and communicate autonomously. APIs are ...
Security Boulevard

Web Application and API Protection — From SQL Injection to Magecart

SQL injections were first discovered in 1998, and over 20 years later, they remain an unsolved challenge and an ongoing threat for every web application and API. The Open Web Application Security ...
Aite Group Research Validates API Security Gaps

2020 is moving into the final quarter and it appears to be the year of the API security incident with MGM, Starbucks, Data Viper and Docker as just a few examples of ...

How Isolation Changes Incident Response

Large Groups of Isolated Users Shrink Your Exposure Surface: Enterprises frequently acquire an isolation solution (with Menlo for remote browser isolation) for groups of users, such as VIPs, rather than their entire ...

NDR for AWS Well-Architected

By Roger Cheeks, US-East Sales Engineer, Corelight. Corelight is a powerful network traffic analysis tool that enables network detection and response (NDR) for AWS Cloud workloads by receiving packets from an AWS ...

API Security Need-to-Know: Ramifications of Weak API Authentication

In today’s blog, we will discuss the ramifications of unauthenticated APIs using the recently published ZIPNet vulnerability. ZIPNet is an online application operated by Law Enforcement Authorities in India to share Crime ...