How to Build an API Security Strategy: The Complete Guide (2026)

Today, APIs power everything from mobile apps to cloud platforms, quietly moving data behind the scenes. That invisibility makes them prime targets. Over 84% of organizations experienced API security incidents last year, with breaches exposing ten times more data than in traditional attacks. Attackers now deploy AI-powered tools that map endpoints in minutes and exploit business logic flaws your defenses can’t see.

6 Best Runtime API Security Tools for Kubernetes & Cloud-Native Environments in 2026

Why isn’t your API gateway enough? Gateways control access; WAFs block known signatures. Neither sees what happens at the application layer—where SQL injection executes, where SSRF reaches your metadata service, where lateral movement begins. Runtime security monitors live behavior, not just perimeter traffic. What’s the real problem with API security tools? Most see only one layer. API security sees traffic patterns. Container security sees process execution.

The Silent Threat to the Agentic Enterprise: Why BOLA is the #1 Risk for AI Agents

In the race to deploy autonomous AI agents, organizations are inadvertently building on a foundation of shifting sand. While security teams have spent the last year focused on "Prompt Injection" and "Model Poisoning," a much older, more dangerous adversary has quietly become the primary attack vector for the agentic era: Broken Object Level Authorization (BOLA).

Edge Security Is Not Enough: Why Agentic AI Moves the Risk Inside Your APIs

For the last twenty years, cybersecurity has been built around the edge: the belief that threats come from the outside, and that firewalls, WAFs, and API gateways can inspect and control what enters the environment. That model worked when applications were centralized, traffic was predictable, and most interactions followed a clear pattern: a user in a browser talking to an app inside a data center. Agentic AI breaks that model.

Authenticate Users in Joomla Using the REST API: A Practical Guide for Developers

Modern Joomla applications are no longer limited to traditional website workflows. Today, Joomla powers mobile apps, headless frontends, third-party integrations, and backend services that rely heavily on REST APIs. In all these cases, secure API authentication becomes a foundational requirement.

Ensuring API Testing Meets Compliance: Policies, Performance, and Proof

APIs sit at the center of modern applications. They move data between systems, power mobile apps, and enable integrations at scale. Naturally, they are also a focal point for regulators, auditors, and attackers. Most organizations today do test their APIs. Yet many still struggle during audits. Not because testing didn’t happen, but because it wasn’t consistent, governed, or provable. Compliance frameworks don’t ask whether you ran an API scan.

Bots vs. Barcodes: The Resource Quota Failure

The infamous Ticketmaster case highlights BLA 1: Resource Quota Violation. Attackers used bots for mass purchasing and employed ingenious evasion: they reverse-engineered the barcoding logic to rotate and authenticate tokens, bypassing security controls. The core failure? Flawed rate limiting and business logic expiration. You must protect your inventory and your purchasing flows as if they were financial assets.

Protecting the Language of AI: Why API Security is No Longer Optional

As AI continues to reshape the digital landscape, APIs have become the "language" of innovation—but they've also become a massive target for attackers. In this clip from the A10 Networks webinar, "APIs are the Language of AI: Protecting Them is Critical," security experts Jamison Utter and Carlo Alpuerto discuss the complexities of modern API security.

Asymmetric Data: The New Challenge for API Security

In this A10 Networks video, "APIs are the Language of AI: Protecting Them is Critical," security experts Jamison Utter and Carlo Alpuerto discuss the unique challenges of securing AI-driven data exchanges. Unlike traditional API interactions—where a request for a video clearly results in a video—AI interactions are defined by a "phenomenal" level of asymmetry. A tiny text request can trigger a massive, unpredictable response, making traditional security prediction models nearly obsolete.