Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

How we usability test our SaaS product

Usability testing is a method for evaluating your product to see how it performs in real contexts. It helps test user behavior, performance, and satisfaction, while consequently offering opportunities to improve the user experience within the product. Often, in a fast-paced company, user research ends up overlooked because it takes up time and resources. However, all the team's hard work will be wasted if you end up making something that nobody wants to use.

How and why you should secure APIs

APIs are a crucial tool in today’s business environment. Allowing applications to interact and exchange data and services means that companies can provide an ever-greater range of features and functionalities to their clients quickly and easily. So, it is no wonder that a quarter of businesses report that APIs account for at least 10% of their total revenue - a number that will only increase in coming years.

Improving GraphQL security with static analysis and Snyk Code

GraphQL is an API query language developed by Facebook in 2015. Since then, its unique features and capabilities have made it a viable alternative to REST APIs. When it comes to security, GraphQL servers can house several types of misconfigurations that result in data compromise, access control issues, and other high risk vulnerabilities. While security issues with GraphQL are widely known, there’s little information on finding them outside of using dynamic analysis.

Automate data discovery & classification with Bearer

Data leaks and breaches lead to business risks such as regulatory fines, brand damage and revenue loss. In order to protect your organization against it, you must implement security policies that describe your data taxonomy as well as the security controls for each category of data. From there, you can uncover and classify data flows across your products, audit security controls, identify gaps with your security policy, and remediate issues.

Tips for using tree sitter queries

When it comes to use cases like quick code formatting and syntax highlighting across many languages, tree-sitter is an excellent tool. But it does so much more than that. At Bearer, we use it as the base for our static code analysis feature. In this article we’ll look at tree sitter, how to use it, and how to avoid some of mistakes we made when implementing it. This should help you in making the decision if tree sitter is a good choice for your use case.

Building a secure GraphQL API with Node.js

GraphQL provides security straight out of the box with validation and type-checking. However, it doesn’t fully address security concerns around APIs. In this article, we’ll learn how to secure GraphQL APIs by building a simple Node.js application using Fastify and GraphQL. According to its official documentation, GraphQL is a graph query language for APIs and a runtime for fulfilling those queries with our data.

Getting to grips with APIs

There’s nothing more frustrating than coming up against an API that won’t cooperate, no matter how hard or long you try! A key component of building integrations, APIs have been a big deal for over a decade. At this point, if a software company doesn’t have one, its technology is as good as obsolete. More than a third of analysts, in a new Tines survey, indicated that API-first is the single most important feature and capability they would look for when evaluating a new SOAR tool.

DevSecOps: How to bring data security into the development workflow

DevSecOps refers to the integration of security controls across the whole software development lifecycle. It is first and foremost an organizational culture, enabled by processes and tools, where development teams share the responsibility for delivering secure software with the security team. This differs from organizations where development and security responsibilities are completely siloed in distinct teams.

A Proof-of-Concept for API Caching at Egnyte

As Egnyte’s business and customer base grows, we have an engineering responsibility to provide data quickly and at high availability. In this blog I’ll recap one of those efforts—a proof-of-concept API caching project that serves our large folder listing capabilities and has future applications in other Egnyte services.