In today’s fast-paced development environment, a comprehensive API security testing strategy is no longer a luxury, but a necessity. Testing your APIs for security gaps ensures that your APIs function are reliable, secure, and perform as expected under different circumstances. It helps to identify issues such as incorrect data formats, missing or inaccurate data, and faults in authentication or authorization.

The Advanced Technology Academic Research Center (ATARC) published its intermediate level document providing guidance to state and local agencies using the Cybersecurity & Infrastructure Security Agency (CISA) Zero Trust Architecture (ZTA) model as a foundation. This document is a must-read for all state and local agencies, particularly those who are interested in pursuing any of the $1 billion in federal cybersecurity grant money over the next few years.

As you probably noticed, our company has just undergone a major facelift. Though our name and logo remained intact, not much else was left untouched in this rebranding effort. It may have come as a surprise, but this strategic move will not only refresh our company’s image but also how we communicate with the marketplace.

A recent onslaught of attacks targeting the MoveIT application have affected several US Government agencies including Department of Energy (DOE); the Oak Ridge National Laboratory (ORNL) and several State governments such as Minnesota, Missouri, and Illinois. Media coverage of the vulnerabilities (CVE-2023-34362, CVE-2023-35036, and most recently CVE-2023-35708) involving a SQL injection are front and center.

Today we announced the general availability of Active Testing V2, our flagship API security testing solution, and an integral part of the Noname API Security Platform. The more API security defects we can catch during development, the cheaper and more efficient our applications become. So-called shifting left has a profound effect on security if done right. Over 85% of defects, including security issues, are created in development, mainly during the initial coding phase.

Continuing a review of the new National Cybersecurity Strategy, today I look at the second pillar, Disrupt and Dismantle Threat Actors. It’s heavy on collaboration, information sharing, and integrated response, and lays out five objectives that, on the surface, make sense: However, reading through the specifics of the five objectives, I see major challenges in achieving some of these. I’ll only address a few underlying issues in order to keep this more manageable.

Avord, a cybersecurity services and solutions organization based in the UK, is working with API security pioneer, Noname Security, to deliver API security reconnaissance as a service.

The Open Web Application Security Project (OWASP) is a global non-profit organization dedicated to improving the security of software. The OWASP foundation first released a list of the top 10 security risks faced by APIs in 2019. Although 4 years is an extremely long time when it comes to computing, the fact remains that most organizations are still in the process of putting better API security controls in place to protect against the 2019 Top 10.