Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Securing API Keys: A Guide for Analysts and Engineers

API keys are unique identifiers that enable developers to access and interact with an application's data and services. They act as a bridge between applications, allowing them to share data and functionality. In today's digital world, API keys are increasingly important as they facilitate seamless communication between various applications and services.

Bank Account Verification: The Benefits of Using Bank Account Verification APIs

When a consumer opens a bank account, the bank goes through a procedure called bank account verification. It enables all required checks to be made on the account user and the source of their income, successfully stopping illegal activities like money laundering and the financing of terrorism. In this post, we’ll examine how to validate a bank account and its owner, as well as the legal considerations that must be made while validating a client’s bank account.

Latest Salt Accolades - Customer Award + Cyber 66

I’m excited to share the latest evidence of Salt leadership in API security, with two powerful tributes. First – Salt Security has been honored as winning the “Peace of Mind” category during the first-ever Ally Technology Partner Awards! Ally Financial, the nation’s largest digital-only bank and leading auto finance company, highlighted five suppliers for their outstanding service excellence across a broad array of criteria.

Can we prevent a security incident like Loom's?

On March 7, 2023, Loom experienced a security incident caused by a settings change in their CDN. Even with extensive internal testing, the nature of the problem caused it to go unnoticed until the change landed in production. Their incident report is a great explanation of the issue itself, so I won't reiterate much of it here, but what I will look at is a related issue, and how static code analysis tools integrated into development pipelines could have prevented the issue.

Guild Education Gives Salt an A+ for API Protection

Keeping our customers’ data safe so that they can move forward with business innovation is our constant north star here at Salt. But it’s even more gratifying when our mission is in service to a higher purpose, as it is with today’s announcement of our deployment at Guild Education. With its Career Opportunity Platform, Guild Education helps employees forge a better career path through education.

API2:2019 Broken User Authentication: The What, Impact, Sample Exploit, and Prevention Methods

API2:2019 Broken User Authentication happens when an attacker bypasses an API’s authentication and authorization mechanisms and gains access to sensitive data or functionality that should only be available to authorized users.

Broken Object Level Authorization: API security's worst enemy

According to the Open Web Application Security Project (OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern application programming interfaces (APIs). It can be exciting to pursue innovations in the API area, but while doing so, programmers must ensure that they are adequately attentive to security concerns and that they develop protocols that can address such concerns.

Salt Goes Gold Again, with Two Globee Cybersecurity Awards

Last week, three golds. This week, two more. Wow – the accolades keep coming. Salt took top honors in two Globee® Cybersecurity World Award categories: Hot Security Company of the Year for Security Software, and API Management and Security! You can read all the formal details in our announcement. We’ve earned five awards in the past two weeks, and the month isn’t even half over.

Top Changes in the OWASP API Security Top 10 2023RC

The OWASP API project has recently decided to refresh the popular API Security Top 10 threat map. The team at Salt Security has always been actively involved in this project, having been a key contributor to the initial creation of the list. And we continue to be deeply involved in the thinking process, data gathering, and brainstorming in updating it. As of the writing of this post, the final version of API Security Top 10 2023 has not been officially released.