Another day, another API breach in the news. The latest breach occurred on the Life360 platform where an advisory was able to gleam 400k user phone numbers, based on the article written on Bleepingcomputer.com. Known only by their 'emo' handle, they said the unsecured API endpoint used to steal the data provided an easy way to verify each impacted user's email address, name, and phone number.

Breaking into an organisation’s IT infra doesn’t always require complex methods. Hackers often exploit normal applications and API functions in unexpected ways to access sensitive data. For example, the 2019 Venmo breach involved the exploitation of an open API to scrape millions of payment records. A design oversight in the API allowed attackers to exploit its normal functions in an unintended manner—scraping payment records without proper authorization.

In our recent webinar recent webinar title 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training tools. In this blog post, we'll present a curated list of such APIs, each with its own unique set of characteristics.

In the ever-evolving landscape of cybersecurity, API attacks pose significant threats to organizations. These attacks, particularly the low and slow variety, are notoriously challenging to detect and mitigate. Salt Security stands out as the premier solution for identifying and addressing these sophisticated threats, setting a benchmark that competitors struggle to match. Here’s why Salt Security is unparalleled in catching low and slow API attacks.

The digital economy runs on APIs, the building blocks of the modern internet. From effortless mobile payments to convenient food deliveries, APIs work silently behind the scenes to power the applications we use every day. While APIs aren't new, their usage has exploded in recent years. Cloud computing, agile development practices, and the pandemic-driven surge in digital services have fueled this rapid growth.

If you have ever jailbroken an iOS device, you have likely encountered many things that we will discuss today. Let's start with one of the most commonly used terms that gets thrown around: iOS tweaks. There are plenty of them out there, depending on the needs - whether for fun or profit, simple or complex - ranging from making your lock screen look fancy to running your banking app on a jailbroken device.

We're gearing up with some seriously cool stuff for Black Hat! But first, a little sneak peek - not just one, but TWO of Wallarm's open-source tools will be featured in the Arsenal showcase at Black Hat USA this year. Black Hat Arsenal unites researchers and the open-source community to display their newest open-source tools and products, allowing presenters to engage directly with attendees. Its schedule is now live, so save the date to watch presentations of API Firewall and GoTestWAF.

One famous case of a major telecom player involved 10 million customer accounts being breached, and days later, an extortion demand for $1 million pounds cash was also made. The weak link? A forgotten ‘Zombie API.’

In the ever-evolving landscape of AI, maintaining compliance standards and ensuring secure usage of generative AI applications remains an important priority for enterprises. Across the globe, regulatory frameworks like the European Union’s AI Act have been established to ensure that AI systems are developed and deployed in a manner that prioritizes safety, transparency, ethics, and fundamental rights.