The parable of the blind men and an elephant is a story of a group of blind men who have never encountered an elephant before, and who learn and imagine what the elephant is like by touching it. Each blind man feels a different part of the elephant’s body, but only one part, such as the side or the tusk. They then describe the elephant based on their limited experience, and their descriptions of the elephant are different.

In recent years, there has been a significant rise in the number of API attacks, posing a growing threat to businesses and organizations across various industries. APIs, or application programming interfaces, have become essential for enabling communication and data exchange between different software systems. However, this increased reliance on APIs has also made them an attractive target for cybercriminals.

In today’s fast-paced development environment, a comprehensive API security testing strategy is no longer a luxury, but a necessity. Testing your APIs for security gaps ensures that your APIs function are reliable, secure, and perform as expected under different circumstances. It helps to identify issues such as incorrect data formats, missing or inaccurate data, and faults in authentication or authorization.

The Advanced Technology Academic Research Center (ATARC) published its intermediate level document providing guidance to state and local agencies using the Cybersecurity & Infrastructure Security Agency (CISA) Zero Trust Architecture (ZTA) model as a foundation. This document is a must-read for all state and local agencies, particularly those who are interested in pursuing any of the $1 billion in federal cybersecurity grant money over the next few years.