Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2024

wallarm

Evolution of Attack Surface Management

Aug 30, 2024 By Wallarm In Wallarm
While it was not called ASM, the concept of managing attack surface management began with basic asset management practices in the late 1990s and early 2000s. Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, and network devices. The primary objective was to maintain an accurate record of these assets to ensure proper configuration and patch management.
Read Post
salt security

Mastering API Compliance in a Regulated World

Aug 28, 2024 By Eric Schwake In Salt Security
As we continue our Summer School blog series, let's focus on a vital aspect of modern application security: the relationship between API posture governance, API security, and the constantly changing regulatory compliance landscape. In today's interconnected world, where APIs are crucial for digital interactions, organizations are challenged with securing their APIs while complying with complex regulations designed to protect sensitive data and critical infrastructure.
Read Post
graylog

Graylog API Security Content Pack: Changing the Game!

Aug 28, 2024 By Ethan C. Keaton In Graylog
APIs form the backbone of modern digital systems, enabling seamless data exchange and integration. However, their critical role also makes them attractive targets for cyber threats. Traditional security measures often fail to address API-specific challenges effectively. Graylog API Security Content Pack emerges as a game-changer, reimagining API defense through innovative threat detection and response approaches.
Read Post

AI in API Security: How Artificial Intelligence Enhances API Protection"

Aug 26, 2024 By Wallarm In Wallarm
Explore how artificial intelligence is revolutionizing API security by detecting and mitigating threats in real-time. In this video, we discuss the growing importance of AI in safeguarding APIs against malicious attacks and how it helps organizations stay ahead of evolving cyber threats.
View Video
salt security

The Hidden Dangers of Zombie and Shadow APIs-and Why Only Salt Security Can Tackle Them

Aug 23, 2024 By Eric Schwake In Salt Security
In today’s hyper-connected digital landscape, APIs are the lifeblood of innovation, powering everything from customer experiences to internal operations. However, with this growing reliance on APIs comes a dark side—zombie and shadow APIs. These hidden, forgotten, or undocumented endpoints present significant security risks that traditional approaches simply can’t address.
Read Post
salt security

Hybrid API Security: The Best of Both Worlds

Aug 21, 2024 By Eric Schwake In Salt Security
In API security, organizations frequently encounter a tough decision: whether to opt for the flexibility and scalability of a SaaS solution or the data control and privacy of an on-premises deployment. Salt Security's hybrid deployment option provides a solution that combines the advantages of a SaaS solution with the assurance of data privacy, offering the best of both worlds for organizations.
Read Post

API Security Best Practice by GigaOm #apisecurity #apiattacks #apimonitoring #cybersecurity

Aug 21, 2024 By Wallarm In Wallarm
In this video, we highlight the most critical criteria for effective API security, helping you understand what to prioritize in your security strategy. Learn how to evaluate and implement key API security measures to protect your organization from growing cyber threats.
View Video
appknox

Integrating Swagger UI into Web Apps Using Webpack 5 & EmberJs

Aug 20, 2024 By Subho Halder In Appknox
This article provides a detailed guide on successfully integrating Swagger UI into web applications using EmberJs as the Javascript framework and Webpack as the module bundler. We will cover the step-by-step process, including any challenges encountered along the way and how we resolved them. For those unfamiliar with Ember Js or Webpack, we have included introductory sections to get you up to speed. If you’re already familiar with it, feel free to skip directly to the integration steps.
Read Post
wallarm

The Other Crowdstrike Outage

Aug 19, 2024 By Wallarm In Wallarm
On July 19, 2024, a flawed update in CrowdStrike Falcon's channel file 291 led to a logic error that caused Windows systems to crash, resulting in widespread BSOD (Blue Screen of Death) incidents. The impact was severe, disrupting critical infrastructure globally, from grounded flights to halted public transit systems. In fact, you’d have to have been living under a rock to have missed this incident.
Read Post

API Leaks: Identifying and Preventing Data Exposure

Aug 19, 2024 By Wallarm In Wallarm
In this video, we explore the growing concern of API leaks and how they can lead to significant data exposure. Learn about the key strategies for identifying and preventing API leaks to protect your organization’s sensitive information. Our experts provide actionable insights on mitigating risks associated with API vulnerabilities.
View Video
wallarm

Unveiling Top API Vulnerabilities and Emerging Trends: Introducing the Wallarm Q2 2024 API ThreatStats Report

Aug 16, 2024 By Wallarm In Wallarm
As we move through 2024, the Wallarm Research Team continues to monitor the evolving API vulnerability and threat landscape. Our latest Q2 ThreatStats Report reveals critical trends and developments that are reshaping the security environment. Continuing from our Q1 findings, the surge in AI API vulnerabilities is not only persisting but intensifying, with an alarming increase in both the volume and severity of exploits.
Read Post

API Attacks: Understanding Malicious and Malformed Threats

Aug 15, 2024 By Wallarm In Wallarm
This video dives into two critical categories of API attacks: malicious intentions and malformed API threats. Learn why these dangers are becoming increasingly significant for modern companies and how API security can help prevent major incidents. Experts from GigaOm and Wallarm discuss how to identify and mitigate these vulnerabilities to ensure the safety of your data.
View Video
salt security

TracFone Breach Underscores Critical Need for Mobile Carrier API Security

Aug 15, 2024 By Adam Fisher In Salt Security
The recent Federal Communications Commission (FCC) settlement with TracFone Wireless, Inc. (TracFone) for $16 million highlights a critical vulnerability within the mobile telecommunications industry: API security. The investigation revealed unauthorized access to customer data through weaknesses in TracFone's mobile carrier APIs. This incident reminds mobile carriers to prioritize robust API security measures to safeguard customer data and ensure network integrity.
Read Post
salt security

Time is of the Essence: Shrinking MTTR in API Security

Aug 14, 2024 By Eric Schwake In Salt Security
In the fast-paced world of cybersecurity, every second counts. When an API attack occurs, the speed at which your security team can detect, understand, and respond to the threat can mean the difference between a minor incident and a major data breach. This is where Mean Time to Resolve (MTTR) comes into play. MTTR is a key performance indicator (KPI) that measures the average time it takes to resolve a security incident, from the moment it's detected to the point where it's fully mitigated.
Read Post
netacea

How Attackers Use APIs to Disguise Bots as Games Consoles

Aug 13, 2024 By Alex McConnell In Netacea
Attackers and bot authors are continually evolving their methods, shifting their focus beyond just websites. With websites often having a reasonable level of protection, malicious actors are increasingly targeting less-protected areas, namely APIs, with their bots. This blog post delves into the evolving threat landscape. We’ll focus on how attackers exploit APIs and IoT devices to launch attacks like credential stuffing, using streaming services as a prime example.
Read Post
salt security

Gartner Insights: Navigating the Evolving API Protection Market and Taking Action

Aug 13, 2024 By Eric Schwake In Salt Security
Securing your API ecosystem is increasingly complex, leaving organizations unsure where to begin. Gartner's 2024 Market Guide for API Protection offers clear guidance: Understanding your API attack surface and prioritizing your security efforts is crucial. Once you have visibility into your API landscape, you can implement appropriate security measures to protect your APIs from abuse and access violations.
Read Post

API Security Testing on Free Swagger collection

Aug 13, 2024 By VISTA InfoSec In VISTA InfoSec
API security is a critical aspect of modern web applications, ensuring that your APIs are robust and secure from potential threats. In our latest video, we dive into API security testing using a free Swagger collection. Swagger, an open-source framework, allows developers to design, build, document, and test their APIs with ease. By leveraging Swagger collections, you can perform comprehensive security testing to identify vulnerabilities such as injection flaws, data exposure, and improper authentication. This proactive approach helps in mitigating risks and protecting your API endpoints from malicious attacks.
View Video
salt security

Exploring the dynamic landscape of cybersecurity threats

Aug 9, 2024 By Chen Gafson In Salt Security
Hello, My name is Chen, and I work as a threat intelligence analyst at Salt Security. Every day, I dive into the complex world of cybersecurity, uncovering the hidden threats that hide in our digital lives. Today, I'd like to take you on a journey through the evolving landscape of API threats. APIs are the quiet helpers of the digital world, allowing software applications to communicate easily with each other.
Read Post
salt security

Beyond the Noise: Achieving Accurate API Inventory with AI

Aug 7, 2024 By Eric Schwake In Salt Security
The prevalence of APIs in today's digital environment is undeniable. They are crucial for modern applications, enabling seamless communication and data exchange between different software components. The rise of AI and machine learning has further accelerated API adoption, not only for accessing data and resources but also for rapid API development and deployment.
Read Post
salt security

Salt Security Continues to Innovate as Leader in API Security

Aug 6, 2024 By Eric Schwake In Salt Security
The API security landscape is changing rapidly, and cybercriminals are becoming increasingly sophisticated. According to the Salt Labs State of API Security Report 2024, API security incidents have more than doubled in the past 12 months, while API usage is rapidly increasing. Organizations are finding it challenging to keep up with the threats associated with expanding API ecosystems and fully understand their complex behavioral attributes.
Read Post
salt security

The Importance of API Security Governance in a Dynamic Threat Landscape

Aug 6, 2024 By Eric Schwake In Salt Security
As noted in the 2024 Gartner Market Guide for API Protection“API security governance is an emerging capability. It allows the administrator of the tool to define and enforce security policies. Unlike posture management, this is a top-down enforcement. It also allows for compliance reports for specific regulations to be generated automatically.” This capability is becoming increasingly important as organizations face a constantly evolving threat landscape.
Read Post
astra

What is API Security Testing & How to Perform It? A Detailed Guide

Aug 3, 2024 By Ananda Krishna In Astra
What is API Security Testing? API security testing is a process of carefully evaluating API endpoints to identify and remediate vulnerabilities such as fuzzy input, parameter tampering, or injection attacks. Acting as the first line of defense, it meticulously examines endpoints to identify and neutralize vulnerabilities before attackers can exploit them.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.