The JFrog Security Research team released the findings of a recent investigation wherein they uncovered thousands of publicly exposed, active API tokens. This was accomplished while the team tested the new Secrets Detection feature in the company’s JFrog Advanced Security solution, part of JFrog Xray.

Developing and testing a frontend feature can be difficult, especially when the backend it depends on is not ready. This dependency on a backend API often slows down the development process. In scenarios like this, developing a mock API can save you a lot of time by allowing you to develop your feature independent of the backend, and make it easier to test and identify scenarios where your API might fail before it is ready.

If you’re responsible for security, then you know how useful it is to have clearly-defined security policies that are simple to implement, scale, and verify. Product and AppSec teams know that great security policies empower teams to work autonomously so that work moves forward as it should. However, validating that your security policies are actually implemented is difficult.

Securing REST APIs is particularly difficult since they are highly interconnected and not designed for manual access. To save time and be more efficient, many developers rely on testing solutions that can automatically detect REST API endpoints and test parameter properties within them. In this article, I want to provide an overview of the 6 biggest challenges of REST API security testing and how test automation can help resolve them.

An application programming interface, or API, is a defined process that allows data to be shared between applications or programs. Each API consists of a set of rules that dictates how communication occurs between a client and a server or external program. The required request format, the authentication process, and the encryption of data all have set guidelines so that the API knows what information to share and when and how to share it.