With authentication, you can face serious consequences if you follow the old motto, “if it ain’t broke, don’t fix it.” From applications to APIs, authentication tells you whether the person or technology accessing a resource is legitimate. In 2017, the Open Worldwide Application Security Project (OWASP), identified broken authentication as #2 on its list of Top 10 application security threats.

Application Programming Interfaces (APIs) are the backbone of modern software development, enabling seamless communication between various systems and services. As organizations increasingly rely on APIs to power their applications and services, the need for robust API management and monitoring solutions becomes paramount. Capturing API calls and gaining insights into their behavior can significantly enhance the development, troubleshooting, and security of APIs.

So many logs. So little space. If you’re like most people running an Amazon Web Services (AWS) environment, then you probably have a vast collection of log files that include things like VPC flow logs and CloudWatch data. As if that’s not enough, you’re also collecting information about everything and everyone else connected to your cloud, like users, devices, network devices, applications, and APIs.

Like most organizations, your company likely invested in various Microsoft products. The Microsoft ecosystem provides businesses with nearly every kind of technology necessary, from workstation operating systems to Azure to Windows 365 that includes cloud-native versions of their traditional Office tools and the communication platform Teams. However, attackers are just as invested in the Microsoft ecosystem.

In the ever-evolving landscape of cybersecurity, where the battle between defenders and hackers continues to escalate, it is crucial to scrutinize every aspect of web interactions. While the HTTP status code 200 OK is generally associated with successful API calls, there’s a dark side to its seemingly harmless appearance that often goes unnoticed.

Graylog API Security v3.6 is here! Just taking the version number by itself, v3.6 sounds like an incremental step forward. But the truth is that v3.6 isn’t just a release milestone; it’s a huge inflection point in our mission to improve API security. There are multiple “firsts” in v3.6, which makes the total combination even more exciting.